UPDATED 23:25 EST / OCTOBER 19 2020


Data stolen in hack of medieval fantasy online game Albion Online

Albion Online, a free medieval fantasy massively multiplayer online role-playing game, has suffered a data breach.

The site and game were established in 2017 and have a user base of about 2.36 million players. The data breach allegedly occurred not in the game itself but in the game’s forum.

Albion Online uses forum software called WoltLab Suite. WoltLab is an evolved variant of the MyBB forum software, which has been notorious over the years for how easy it is to hack.

“The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts,” Sandbox Interactive GmbH, the company behind Albion Online, said in a forum post Saturday. “On top of that, the attacker gained access to encrypted passwords… these can NOT be used to log in to Albion Online, the website or the forum, nor can they be used to learn the passwords themselves. However, there is a small possibility they could be used to identify accounts with particularly weak passwords.”

The post warns that users who reuse their emails and passwords for both the game and forum should change their password as a precaution.

Officially, Albion Online says that only its forum was breached, but there is some suggestion that the hack may have involved the game as well. According to security researcher Alon Gal, the hacker is claiming to have gained access to the main game’s database and other databases that contain sensitive information.

“The breach of Albion Online’s forum, including email addresses and hashed passwords, puts hundreds of thousands of users at risk of being victimized for fraud,” Robert Prigge, chief executive officer of identity verification company Jumio Corp., told SiliconANGLE. “As hashed passwords can be easily deciphered, cybercriminals can leverage bots and credential stuffing to try these login credentials across countless websites (including banking portals, social media accounts, healthcare sites and more) in search of an opening.”

Saryu Nayyar, CEO of security and analytics firm Gurucul Solutions Pvt Ltd A.G., noted that attacks against web forums are nothing new. “While forum attacks may lead to more serious consequences, the data acquired is often limited to email address, forum User ID and password hash for the affected users,” she said. “That appears to be the case here with the Albion Online breach. Unfortunately, the attackers may be able to leverage their stolen data to engage in email-based Cast Netting or Spear Phishing attacks against Albion’s user base, even if they gained nothing else of value.”

Image: Albion Online
