Recent reports indicate that a malicious hacker managed to compromise the security of the Albion Online forum, a popular online role-playing video game, therefore stealing hashed usernames and passwords. The information was confirmed by Sandbox Interactive GmbH, a company in charge of Albion Online.
The company mentions that passwords were protected with Bcrypt, adding random data so that intrusion managers could not easily decrypt passwords: “As they are, this data cannot be used to log in to Albion Online, the website or forum, or to learn passwords,” the company said.
However, Sandbox Interactive recognizes that there is a possibility that this information may be used to identify very weak passwords, exposing some users to various attack modes.
Over the weekend an alleged hacker claimed to be in possession of the site’s database, announcing its sale on a hacking forum. The post has already been deleted, although some screenshots can still be found.
As a security measure, the company has asked all its users to carry out a password reset, seeking to establish a highly secure keyword. Although no further details about the incident were revealed, Sandbox Interactive mentions that the attack was detected on Friday, October 16, and would have resulted from exploiting a vulnerability in WotLab Suite, the forum platform used by the game’s developers. This flaw has already been corrected.
The company is already collaborating with the relevant authorities in the investigation of the incident. Albion Online was released in June 2017 and has a presence on platforms such as Windows, macOS, Linux, as well as mobile operating systems. While Albion Online has about 3 million players, the forum is employed by around 290,000 active participants.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.