- Hacker exploited forum vulnerability, and offered stolen database for sale
- Players advised to change their passwords
Sandbox Interactive, the developers of the free medieval fantasy video game Albion Online, have warned players that a hacker managed to break into its systems and gain access to its user database.
In a post on the Albion Online forum, players were advised that a hacker was able to exploit a vulnerability to gain access to the forum’s user database.
Exposed data included players’ email addresses, as well as passwords that had been salted and hashed with bcrypt.
At the very least this means that the hacker now has in their hands a list of Albion Online users’ email addresses – information which could be exploited in phishing and social engineering attacks in an attempt to trick players into handing over more information.
However, if some players chose weak passwords for their Albion Online forum account (which, lets face it, is hardly unlikely) then they might still be singled-out by a determined hacker.
If a hacker was able to correctly determine a user’s forum password it can also be used to play the Albion Online game itself. But more worryingly, it might be put to malicious use if the player has made the mistake of reusing the same password elsewhere on the internet.
The confirmation by Sandbox Interactive of a security breach came at approximately the same time that it was reported a hacker was offering the Albion Online database for sale on a hacking forum.
Sandbox Interactive is recommending that affected users can update their password via the Albion Online website. My advice would be for affected Albion Online players to do so, but also to ensure that they choose a strong, complex password and that they are not reusing passwords anywhere else on the internet.
That’s good advice whether there has been a security breach or not. All passwords should be hard-to-crack, hard-to-guess, and unique.
The use a good password manager can help ensure that passwords are being chosen sensibly rather than dreamt up by the human brain, and that unique, sensible and secure choices are made.
Albion Online says that it is contacting affected users via email. Of course, a malicious hacker might be contacting affected users at the same time – using the stolen email address list – so please be on your guard.
According to Sandbox Interactive, the vulnerability used by the hacker to access the sensitive data from the Albion Online forum has been patched, and a full security review is under way.