Players advised to change their passwords
Sandbox Interactive, the developers of the free medieval fantasy video game Albion Online, have warned players that a hacker managed to break into its systems and gain access to its user database.
In a post on the Albion Online forum, players were advised that a hacker was able to exploit a vulnerability to gain access to the forum’s user database.
Exposed data included players’ email addresses, as well as passwords that had been salted and hashed with bcrypt.
At the very least this means that the hacker now has in their hands a list of Albion Online users’ email addresses – information which could be exploited in phishing and social engineering attacks in an attempt to trick players into handing over more information.
However, if some players chose weak passwords for their Albion Online forum account (which, lets face it, is hardly unlikely) then they might still be singled-out by a determined hacker.
If a hacker was able to correctly determine a user’s forum password it can also be used to play the Albion Online game itself. But more worryingly, it might be put to malicious use if the player has made the mistake of reusing the same password elsewhere on the internet.
The confirmation by Sandbox Interactive of a security breach came at approximately the same time that it was reported a hacker was offering the Albion Online database for sale on a hacking forum.
Sandbox Interactive is recommending that affected users can update their password albion online gamers change passwords following forum
