Albion Online (AO) is a free medieval fantasy MMORPG developed by Sandbox Interactive, a studio based in Berlin, Germany
A threat actor has breached the forum of Albion Online and stole usernames and password hashes from its database.
According to Sandbox Interactive, the intrusion took place on Friday, October 16, and the hacker exploited a vulnerability in its forum platform, known as WoltLab Suite.
“Unfortunately, we have become aware of a data breach in one of our systems, in which a malicious actor gained access to parts of our forum’s user database.” reads the message published on the forum.
“The intruder was able to access forum user profiles, which include the e-mail addresses connected to those forum accounts. On top of that, the attacker gained access to encrypted passwords (in technical terms: hashed and salted passwords).”
The moderator of the forum pointed out that the intruder did not access to payment information.
According to Sandbox Interactive, the passwords were hashed with the Bcrypt hashing function and then salted with random data, which makes it hard to crack if the password is not weak.
“However, there is a small possibility they could be used to identify accounts with particularly weak passwords.” continues the German game maker.
In response to the data breach, the game maker notified the forum members about the intrusion and asked them to reset passwords.
The company notified the authorities, but did not reveal the number of impacted users. The game maker announced to have addressed the flaw exploited in the attack.
“So far we have prioritized fixing vulnerabilities and informing players about this incident,” Sandbox Interactive said.
The game is believed to have more than 2.5 million players, while the number of registered members of the forum was 293,602 at the time of the attack.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Albion Online)
[adrotate banner=”5″]
[adrotate banner=”13″]
Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…
GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on…
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and…
Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams…
This website uses cookies.
![](data:image/svg+xml;charset=utf-8,<svg height="361px" width="566px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)