A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.
The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.
In a sample given, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted. LeakedSource has now added the total 1,597,717 stolen records to its systems.
"Clash of Kings" stands as one of the most popular mobile games today, with upwards of 100 million installs on Android alone. A spokesperson for the game's developer, Elex, a Beijing, China-based tech company, did not respond to a request for comment. At the time of publication, the forum was down undergoing "maintenance".
The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption. The hacker exploited a known weakness in the forum's software, an older version of vBulletin, which dates back to late 2013. The version in question is vulnerable to a number of serious security flaws, which can be exploited with tools found readily online.
One of the LeakedSource members told me that the hacker actively sought out sites running vulnerable, out-of-date forum software, using a technique known as "Google dorking," which uses search engines to find sites running potentially vulnerable software and insecure configurations. The "Clash of Kings" forum was one of the largest that shows up in the search. "At this point, any unpatched vBulletin 4 forum with over 100,000 users is probably hacked," the member said. Earlier the Ubuntu online forums were hacked, and data belonging to over 2 Million users was compromised.
110 Reykjavik, Iceland