Hacker steals 1.6 million accounts from top mobile game's forum

The forum was running outdated software, which was easily hacked with known exploits.

clash-of-kings
(Image: ZDNet/CBS Interactive)

A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.

The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

INVESTIGATION

More "mega breaches" to come, as rival hackers vie for sales

Despite some success, patience and trust is now fading.

In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted.

LeakedSource has now added the total 1,597,717 stolen records to its systems.

"Clash of Kings" stands as one of the most popular mobile games today, with upwards of 100 million installs on Android alone.

A spokesperson for the game's developer, Elex, a Beijing, China-based tech company, did not respond to a request for comment.

At the time of publication, the forum was down undergoing "maintenance".

The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption.

The hacker exploited a known weakness in the forum's software, an older version of vBulletin, which dates back to late 2013. The version in question is vulnerable to a number of serious security flaws, which can be exploited with tools found readily online.

One of the LeakedSource members told me that the hacker actively sought out sites running vulnerable, out-of-date forum software, using a technique known as "Google dorking," which uses search engines to find sites running potentially vulnerable software and insecure configurations.

The "Clash of Kings" forum was one of the largest that shows up in the search.

"At this point, any unpatched vBulletin 4 forum with over 100,000 users is probably hacked," the member said.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All