Pierluigi Paganini
October 19, 2020
Albion Online (AO) is a free medieval fantasy MMORPG developed by Sandbox Interactive, a studio based in Berlin, Germany
A threat actor has breached the forum of Albion Online and stole usernames and password hashes from its database.
According to Sandbox Interactive, the intrusion took place on Friday, October 16, and the hacker exploited a vulnerability in its forum platform, known as WoltLab Suite.
“Unfortunately, we have become aware of a data breach in one of our systems, in which a malicious actor gained access to parts of our forum’s user database.” reads the message published on the forum.
“The intruder was able to access forum user profiles, which include the e-mail addresses connected to those forum accounts. On top of that, the attacker gained access to encrypted passwords (in technical terms: hashed and salted passwords).”
The moderator of the forum pointed out that the intruder did not access to payment information.
According to Sandbox Interactive, the passwords were hashed with the Bcrypt hashing function and then salted with random data, which makes it hard to crack if the password is not weak.
“However, there is a small possibility they could be used to identify accounts with particularly weak passwords.” continues the German game maker.
In response to the data breach, the game maker notified the forum members about the intrusion and asked them to reset passwords.
The company notified the authorities, but did not reveal the number of impacted users. The game maker announced to have addressed the flaw exploited in the attack.
“So far we have prioritized fixing vulnerabilities and informing players about this incident,” Sandbox Interactive said.
The game is believed to have more than 2.5 million players, while the number of registered members of the forum was 293,602 at the time of the attack.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Albion Online)
[adrotate banner=”5″]
[adrotate banner=”13″]
