Albion Games Online Forum Suffers Data Breach – Experts Insight

A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stole usernames and password hashes, the game maker disclosed on Saturday. “The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts,” said Sandbox Interactive GmbH, the company behind Albion Online. The attacker also harvested encrypted passwords. Sandbox Interactive said the passwords were hashed with the Bcrypt password-hashing function and then salted with random data to make it harder for attackers to reverse and crack the password. “These can NOT be used to log in to Albion Online, the website or the forum, nor can they be used to learn the passwords themselves,” the German game maker said. “However, there is a small possibility they could be used to identify accounts with particularly weak passwords.” Users who reused emails and passwords for both their game and forum account are at particular risk.

Full story here: https://www.zdnet.com/article/albion-online-game-maker-discloses-data-breach/

Experts Comments

October 20, 2020
Mounir Hahad
Head
Juniper Threat Labs, Juniper Networks
Most professionals wouldn’t look twice at a game portal data breach that only exposed usernames and password hashes. It is indeed unlikely the password hashes would be reusable on some other site where you have used the same username and password. But the attacker had access to the users’ profiles, which includes email addresses and that’s a bit more valuable to mount future phishing attacks.
October 20, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
This unfortunate breach is a reminder that no online assets are unimportant when it comes to security. Criminals will try to breach any accounts they can, not just ones with monetary value. Even seemingly less important sites like forums or chat rooms can have value to criminals. Even if passwords are secured, having email addresses can allow criminals to launch convincing spearphishing attacks against users and get them to divulge passwords, or download malware. Therefore, all digital assets .....Read More
This unfortunate breach is a reminder that no online assets are unimportant when it comes to security. Criminals will try to breach any accounts they can, not just ones with monetary value. Even seemingly less important sites like forums or chat rooms can have value to criminals. Even if passwords are secured, having email addresses can allow criminals to launch convincing spearphishing attacks against users and get them to divulge passwords, or download malware. Therefore, all digital assets need to be secured at the same level, there are no longer any low-risk sites on the net.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.