Data Breach Exposes 1.6 Million Accounts from Clash of Kings Forum
The official forum of Clash of Kings, the popular mobile game, was breached, and the hacker stole nearly 1.6 million accounts. The stolen data included usernames, email addresses, IP addresses, device identifiers, Facebook data and tokens. Fortunately, user passwords were protected, as they were hashed and salted.
On July 14, the attacker exploited a weakness in the forum’s security software to steal the information. The company was using a 2013 version of vBulletin, which is vulnerable to a number of well-documented security flaws.
After stealing the information, the hacker notified LeakedSource, a website which allows users to search for their login credentials to see if they’ve been hacked. A LeakedSource member told ZDNet that the hacker was looking for websites running out-of-date forum software, and Clash of Kings was the largest site listed.
“At this point, any unpatched vBulletin 4 forum with over 100,000 users is probably hacked,” the LeakedSource member told ZDNet.
Clash of Kings is one of the most popular mobile games on the market. There have been over 100 million installs on Android devices alone.