A hacker managed to violate the official forum of the popular mobile game "Clash of Kings." Thus he acquired about 1,6 million accounts.
The hack was carried out on July 14 by an unknown hacker, who made a copy of the database available to LeakedSource.com. The website allows to users to search for their names and email addresses in a treasure trove of stolen and hacked data.
The database contains (among other things) user names, email addresses, IP addresses (which can often identify the user's location), device identifiers, as well as data of Facebook along with the tokens access (if the user used the social network to log in). The passwords contained in the leaked database are hashed and salted
“Clash of Kings” is one of the most popular gameα για κινητά τηλέφωνα με πάνω από 100 εκατομμύρια εγκαταστάσεις για στην πλατφόρμα του Android.
Currently the forum is still down for repairs.
The hack reportedly took advantage of the company's lax approach to user security, such as not uses basic HTTPS encryption.
The hacker exploited a known weakness in forum software, an earlier version of vBulletin from the end of 2013. The specific vulnerability is so old that the tools for exploiting it are freely available on the internet.