UPDATED 23:25 EDT / OCTOBER 19 2020


Data stolen in hack of medieval fantasy online game Albion Online

Albion Online, a free medieval fantasy massively multiplayer online role-playing game, has suffered a data breach.

The site and game were established in 2017 and has a user base of about 2.36 million players. The data breach allegedly occurred not in the game itself but the game’s forum.

Albion Online uses forum software called WoltLab Suite. WoltLab is an evolved variant of the MyBB forum software, which has been notorious over the years for how easy it is to hack.

“The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts,” Sandbox Interactive GmbH, the company behind Albion Online said in a forum post Saturday. “On top of that, the attacker gained access to encrypted passwords… these can NOT be used to log in to Albion Online, the website or the forum, nor can they be used to learn the passwords themselves. However, there is a small possibility they could be used to identify accounts with particularly weak passwords.”

The post warns that users who reuse their emails and passwords for both the game and forum should change their password as a precaution.

Officially Albion Online says that only its forum was breached, but there is some suggestion that the hack may have involved the game as well. According to security research Alon Gal, the hacker is claiming to have gained access to the main game’s database and other databases that contain sensitive information.

“The breach of Albion Online’s forum, including email addresses and hashed passwords, puts hundreds of thousands of users at risk of being victimized for fraud,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “As hashed passwords can be easily deciphered, cybercriminals can leverage bots and credential stuffing to try these login credentials across countless websites (including banking portals, social media accounts, healthcare sites and more) in search of an opening.”

Saryu Nayyar, CEO of security and analytics firm Gurucul Solutions Pvt Ltd A.G., noted that attacks against web forums are nothing new. “While forum attacks may lead to more serious consequences, the data acquired is often limited to email address, forum User I and password hash for the affected users,” she said. “That appears to be the case here with the Albion Online breach. Unfortunately, the attackers may be able to leverage their stolen data to engage in email-based Cast Netting or Spear Phishing attacks against Albion’s user base, even if they gained nothing else of value.”

Image: Albion Online

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.


“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.