A hacker managed to violate the official forum of the popular mobile game "Clash of Kings." Thus he acquired about 1,6 million accounts.
The hack was held on July 14 by an unknown hacker who distributed a copy of the database to LeakedSource.com. The site allows users to search for their names and emails in a treasure of stolen and hacked data.
The database contains (among other things) user names, email addresses, IP addresses (which can often identify the user's location), device IDs, and Facebook items along with access badges (if the user used the social network to connect). Passwords in the leaked database are hashed and salted
"Clash of Kings" is one of the most popular mobile games with over 100 million installations on the Android platform.
Currently the forum is still down for repairs.
Hack is reportedly taking advantage of the company's loose user security approach, such as not using basic HTTPS encryption.
The hacker exploited a known weakness in forum software, an earlier version of vBulletin from the end of 2013. The specific vulnerability is so old that the tools for exploiting it are freely available on the internet.