Hacking News: Did you have an account on "Clash of Kings" forum?

  • Yes

    Votes: 1 3.6%
  • No

    Votes: 27 96.4%
  • Total voters
    28

Jack

Administrator
Verified
Staff member
A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts.

The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user's location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted.

LeakedSource has now added the total 1,597,717 stolen records to its systems.

"Clash of Kings" stands as one of the most popular mobile games today, with upwards of 100 million installs on Android alone.

A spokesperson for the game's developer, Elex, a Beijing, China-based tech company, did not respond to a request for comment.

At the time of publication, the forum was down undergoing "maintenance".

The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption.


The hacker exploited a known weakness in the forum's software, an older version of vBulletin, which dates back to late 2013. The version in question is vulnerable to a number of serious security flaws, which can be exploited with tools found readily online.

One of the LeakedSource members told me that the hacker actively sought out sites running vulnerable, out-of-date forum software, using a technique known as "Google dorking," which uses search engines to find sites running potentially vulnerable software and insecure configurations.

Read more: A popular mobile game's forum has been hacked
 

_CyberGhosT_

Level 53
Verified
Trusted
Content Creator
This is one of those games that is junk in my opinion.
For me it fits into the category of FB games and is
to be avoided for reasons just like this, They are the kind
of game that is mass produced geared around turning as much
cash as possible with least amount of effort on the companies end.
This is a formula for a security disaster, and it seems they apply the
same cheap principals to their website. They deserve this and much more.
I only feel sorry for the end user who is made to suffer because of the
decisions of a cheap and unethical game designer.
Cheap is as cheap does,
Great share Jack :)
 
Last edited:

Spawn

Administrator
Verified
Staff member
The hack took advantage of the company's lax approach to user security, such as failing to use basic HTTPS website encryption.
All the time and money spent on advertising, promotions and more advertising, but lack the basic security is a joke.

Whenever I see these mobile games being spammed everywhere, you know they only care about one thing, and it's not your privacy or security.

They should be sued under the law of being a complete moron.
 

Solarlynx

Level 14
If I start playing then I can't stop. Sounds foolish. That's why I just don't start playing for some years already.

Good luck for those who play!