A popular online role-playing game has revealed that its user forum has been compromised, exposing addresses e-mail and encrypted passwords for the site. Albion Online is a popular one game fantasy set in the Middle Ages and produced by Sandbox Interactive based in Berlin. Currently, the game is said to have about 2,5 million players.
Although no payment details have been compromised, hackers may be able to take control of forum users' accounts if users have the same login details on other sites.
According to the official announcement, hackers gained access to the forum user profiles, which include the email addresses associated with these forum accounts. In addition, hackers gained access to encrypted passwords. However, these can not be used to connect to Albion Online, the site or the forum. However, they may be used to identify and retrieve user accounts with particularly weak passwords.
Although the site uses a fairly secure hash method Bcrypt, its administrators have urged users to preemptively change their passwords to all other accounts to which they use the same login information.
The exact number of users affected by the incident in the popular online game forum is currently unknown. However, the forum estimates that about 300.000 of its members have been affected so far.
In addition, there are indications that the attackers took advantage of one error in the forum software of the site, the WoltLab Suite, which it has already received patch. Bugcrowd CEO Ashish Gupta commented on the incident, saying what organizations need to know is that there are many vulnerabilities on any platform, which cannot be managed by the organizations themselves, even those with internal security teams. Finally, Gupta recommends the implementation of a multilevel security approach to identify vulnerabilities more quickly and to gather information that will help strengthen defense and resistance against cyber attacks.