Albion Online Forum Breach Exposes User Info

A popular online role-playing game (MMORPG) has revealed its user forum has been breached, exposing email addresses and encrypted passwords for the site.

Albion Online is a popular medieval fantasy game produced by Berlin-based Sandbox Interactive and said to have around 2.5 million players.

Its user forum operations account posted a note over the weekend warning that “a malicious actor gained access to parts of our forum’s user database.”

Although no payment information was hacked, users may be at risk of account takeover if they share the same log-ins across other sites.

“The intruder was able to access forum user profiles, which include the e-mail addresses connected to those forum accounts,” the notice explained.

“On top of that, the attacker gained access to encrypted passwords (in technical terms: hashed and salted passwords). These can NOT be used to log in to Albion Online, the website or the forum, nor can they be used to learn the passwords themselves. However, there is a small possibility they could be used to identify accounts with particularly weak passwords.”

Although the site uses the fairly secure bcrypt hashing method, its admins urged users to change their passwords as a precaution, both on the forum and on any other accounts where they use the same log-ins.

It’s unclear how many users were affected, although the forum boasted nearly 300,000 members at the time of writing.

It appears as if the online intruder exploited a bug in the site’s forum software, WoltLab Suite, which has since been patched.

“What organizations must learn from this incident is that vulnerabilities exist in every platform, far too many for organizations to manage by themselves, even those that have in-house security teams,” argued Bugcrowd CEO, Ashish Gupta.

“What’s needed is a layered security approach to find security vulnerabilities faster and gather actionable insights to increase resistance to cyber-attacks.”
