Data Breach Exposes 1.6 Million Accounts from Clash of Kings Forum

July 25, 2016, Written By Natalie Rutledge
clash of kings

The official forum of Clash of Kings, the popular mobile game, was breached, and the hacker stole nearly 1.6 million accounts. The stolen data included usernames, email addresses, IP addresses, device identifiers, Facebook data and tokens. Fortunately, user passwords were protected, as they were hashed and salted.

On July 14, the attacker exploited a weakness in the forum’s security software to steal the information. The company was using a 2013 version of vBulletin, which is vulnerable to a number of well-documented security flaws.

After stealing the information, the hacker notified LeakedSource, a website which allows users to search for their login credentials to see if they’ve been hacked. A LeakedSource member told ZDNet that the hacker was looking for websites running out-of-date forum software, and Clash of Kings was the largest site listed.

“At this point, any unpatched vBulletin 4 forum with over 100,000 users is probably hacked,” the LeakedSource member told ZDNet.

Clash of Kings is one of the most popular mobile games on the market. There have been over 100 million installs on Android devices alone.



The information contained within this article was accurate as of July 25, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About Natalie Rutledge

Natalie Rutledge majored in Communications at Mississippi State University. She was in sales for a number of businesses and spent nine years working as a communications advisor to various entities. Natalie can be contacted directly at [email protected]
View all posts by Natalie Rutledge