We’ve all played games on our phones at some point without considering the risks to all the personal data stored on them. This was probably the case with Clash of Kings players who recently fell victim to a major hack.
Clash of Kings is a multi-player, real-time strategy game “in the $36.9 billion mobile gaming market,” according to VentureBeat.
Approximately 1.6 million account records, including email addresses, usernames, IP addresses, Facebook data and access tokens, were stolen after the official forum was hacked on July 14.
In spite of industry warnings, the site managers ran an outdated version of vBulletin from 2013. This, along with a lack of HTTPS encryption, made the forum an easy target for a hacker to exploit the vulnerability via Google search.
The unknown hacker sent the 1,597,717 stolen records to LeakedSource.com, a search engine that allows users to check if their data is exposed online following a security breach.
“Hackers are making a living by selling this data on the Dark Web,” Ryan Wilk, director at NuData Security, commented for InfoSecurity. “They do it because they can pay the bills doing it, and what everyone should be asking themselves is why are folks buying it? Because, that data – your data, my data and everyone’s data, gets bought for pennies, bundled up into bigger packages (identity sets) called ‘fullz’, and used as fuel.”
To date, the Chinese gaming company hasn’t released any statement concerning the breach.