BBC News: 1.6m Clash of Kings forum accounts ‘stolen’

July 26 — 1.6m Clash of Kings forum accounts ‘stolen’

Ryan Wilk, VP at NuData Security comments on this BBC article in response to Clash of Kings accounts stolen.

Details about 1.6 million users on the Clash of Kings online forum have been hacked, claims a breach notification site. The user data from the popular mobile game’s discussion forum were allegedly targeted by a hacker on 14 July. Tech site ZDNet has reported the leaked data includes email addresses, IP addresses and usernames.

However, users’ passwords have been protected by hashes and salts – well-known cryptographic techniques. Selling on Elex, the Chinese firm behind Clash of Kings and the official forums, confirmed that an “unauthorised party” had gained access to forum data. “Elex apologise for this unwarranted criminal intrusion into its fans’ confidential information,” it said, adding that it was possible that hackers could decode users’ passwords. “Elex recommend anyone with a Clash of Kings Forum account, to change their password immediately as a security precaution.”

The firm added that the site’s software had now been updated to prevent similar attacks and that there was no impact on Clash of Kings game account or payment information. There has been a string of forum breaches in recent months, including Darkode – a forum used by hackers. Those who manage to steal user data often plan to sell it on, according to Ryan Wilk, director at cyber security firm NuData Security. “Hackers are making a living by selling this data on the Dark Web, they do it because they can pay the bills doing it,” he said.

For the complete article, go here.