Clash of Kings official forum hacked, data of 1.6 million accounts leaked
The official forum for popular mobile strategy game Clash of Kings has reportedly been breached and the hacker has stolen about 1.6 million user accounts. According to data on breach notification site LeakedSource, the breach, which was allegedly carried out on 14 July, was able to steal usernames, email addresses, IP addresses, Facebook data and access tokens.
“Exposing vulnerable applications to the internet is like walking through the hall with a kick-me sign stuck on your back,” Tripwire senior security researcher Travis Smith was quoted as saying by VentureBeat.
“Attackers can quickly search the Internet for any system with a known vulnerability, then use readily available tools to exploit and take over the system.”
The forum is currently offline and “under maintenance” at the time of publication.
An anonymous hacker told Zdnet that the assault was carried out by exploiting a known weakness in the forum’s software – an older 2013 version of vBulletin that includes multiple security flaws that can easily be abused to gain access to and swipe forum data using tools that readily available online.
Source | ibtimes