Online gaming company was hacked; more than 500,000 usernames and passwords leaked

Recent reports indicate that a malicious hacker managed to compromise the security of the Albion Online forum, a popular online role-playing video game, therefore stealing hashed usernames and passwords. The information was confirmed by Sandbox Interactive GmbH, a company in charge of Albion Online.

The company mentions that passwords were protected with Bcrypt, adding random data so that intrusion managers could not easily decrypt passwords: “As they are, this data cannot be used to log in to Albion Online, the website or forum, or to learn passwords,” the company said.

However, Sandbox Interactive recognizes that there is a possibility that this information may be used to identify very weak passwords, exposing some users to various attack modes.

Over the weekend an alleged hacker claimed to be in possession of the site’s database, announcing its sale on a hacking forum. The post has already been deleted, although some screenshots can still be found. 

As a security measure, the company has asked all its users to carry out a password reset, seeking to establish a highly secure keyword. Although no further details about the incident were revealed, Sandbox Interactive mentions that the attack was detected on Friday, October 16, and would have resulted from exploiting a vulnerability in WotLab Suite, the forum platform used by the game’s developers. This flaw has already been corrected. 

La imagen tiene un atributo ALT vacío; su nombre de archivo es albiononline01.jpg

The company is already collaborating with the relevant authorities in the investigation of the incident. Albion Online was released in June 2017 and has a presence on platforms such as Windows, macOS, Linux, as well as mobile operating systems. While Albion Online has about 3 million players, the forum is employed by around 290,000 active participants.