Hacker steals 1.6 million accounts from Clash of Kings forum

Reports started surfacing saying that a hacker has targeted the official forum of popular mobile game “Clash of Kings,” making off with close to 1.6 million accounts. The hack was carried out on July 14 by a hacker, who wants to remain nameless, and a copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data. In a sample given to ZDNet, the database contains (among other things) usernames, email addresses, IP addresses (which can often determine the user’s location), device identifiers, as well as Facebook data and access tokens (if the user signed in with their social account). Passwords stored in the database are hashed and salted. LeakedSource has now added the total 1,597,717 stolen records to its systems.

Ryan Wilk, director at NuData Security offered the following comment;

“This hack illustrates that the software industry, as a whole, needs to stay vigilant because PII data continues to be targeted wherever it may live and that hackers aren’t taking the summer off.

We’ve pointed out time and time again that data breaches don’t occur in a vacuum. Hackers are making a living by selling this data on the Dark Web, they do it because they can pay the bills doing it, and what everyone should be asking themselves is why are folks buying it? Because, that data — your data, my data and everyone’s data, gets bought for pennies, bundled up into bigger packages (identity sets) called “fullz”, and used as fuel. Fuel for a much more lucrative project that is making people even more money, and putting their kids through school. These folks work for Fraud Inc., and they don’t give a hoot about you, your privacy and your accounts. They’ll use your stolen credentials and take them over, apply for loans in your name, grab your refund from the IRS, and order that new Vitamix from your Amazon account without even thinking about it. Once you’ve fixed that, they’ll do it again because they know your mom’s middle name and your hometown high-school. And, most of the time, it goes back to the breach. The infinite feed source.

That’s why behavioural biometrics analysis is so necessary. Using this intelligence, fraud can be stopped at any point where there is an authentication test because the software is so good at determining who’s a real user and who is a fraudster. Companies using these tools have a much more accurate understanding of the user, and a lot more options. Fraudsters logging in with your valid credentials just don’t get through because they don’t behave like you. Period.

Breaches may not be 100% preventable, but it is possible to prevent hackers from being able to use the data they steal in these incidents, effectively making it worthless. At the very least, behavioural biometrics and analysis would prevent fraudsters from taking the Clash of Kings data and leveraging it elsewhere.”