Privacy News Hacker steals 1.6 million accounts from "Clash of Kings" forum

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.

The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted.

LeakedSource has now added the total 1,597,717 stolen records to its systems.

"Clash of Kings" stands as one of the most popular mobile games today, with upwards of 100 million installs on Android alone.

A spokesperson for the game's developer, Elex, a Beijing, China-based tech company, did not respond to a request for comment.

At the time of publication, the forum was down undergoing "maintenance".

The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption.


The hacker exploited a known weakness in the forum's software, an older version of vBulletin, which dates back to late 2013. The version in question is vulnerable to a number of serious security flaws, which can be exploited with tools found readily online.

One of the LeakedSource members told me that the hacker actively sought out sites running vulnerable, out-of-date forum software, using a technique known as "Google dorking," which uses search engines to find sites running potentially vulnerable software and insecure configurations.

Read more: A popular mobile game's forum has been hacked
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
This is one of those games that is junk in my opinion.
For me it fits into the category of FB games and is
to be avoided for reasons just like this, They are the kind
of game that is mass produced geared around turning as much
cash as possible with least amount of effort on the companies end.
This is a formula for a security disaster, and it seems they apply the
same cheap principals to their website. They deserve this and much more.
I only feel sorry for the end user who is made to suffer because of the
decisions of a cheap and unethical game designer.
Cheap is as cheap does,
Great share Jack :)
 
Last edited:

Ink

Administrator
Verified
Jan 8, 2011
22,490
The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption.
All the time and money spent on advertising, promotions and more advertising, but lack the basic security is a joke.

Whenever I see these mobile games being spammed everywhere, you know they only care about one thing, and it's not your privacy or security.

They should be sued under the law of being a complete moron.
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
If I start playing then I can't stop. Sounds foolish. That's why I just don't start playing for some years already.

Good luck for those who play!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top