[BreachExchange] Disney Playdom Forums Suffer Data Breach
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Aug 1 18:41:29 EDT 2016
http://news.softpedia.com/news/disney-playdom-forums-suffer-data-breach-506823.shtml
According to Disney's statement, the company learned on July 12 that an
attacker breached the playdomforums.com servers on July 9 and then on July
12.
The Playdom Forums are Disney Interactive's official forums for games such
as Star Wars: Commander, Marvel: Avengers Alliance (MAA), Marvel: Avengers
Alliance Mobile (mMAA), and Disney Hidden Worlds (HW).
Over 355,000 users affected
According to the forum's latest statistics section, 355,000 had registered
on the platform.
Disney reported that the attacker had accessed sections of the server that
allowed him to steal user data such as usernames, email addresses, and
passwords.
Additionally, the attacker made off with the IP addresses users used to
register on the site. Fortunately for affected users, Disney did not store
any other personal information such as IP addresses or Social Security
numbers.
Playdom Forums running on vBulletin platform
The company has contacted authorities and has shut down the forums while it
investigates the breach. Playdom Forums ran on the vBulletin forum
software, and by the looks of an older Internet Archive snapshot, the forum
seemed to be running on the old v4 platform, considered insecure.
Disney says it invalidated all user passwords and launched new forums with
better security features. Two separate forums have been made available for
players of Marvel Avengers Alliance and Star Wars Commander.
It is currently unknown if the Playdom Forums will make a comeback, or
Disney will continue with the separate forums it has set up in the meantime.
Since password reuse is a recurring issue among Internet users, Disney
recommends that all Playdom users who reused their password on other
platforms go through the process of updating those accounts to avoid any
potential issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160801/ba20d48e/attachment.html>
More information about the BreachExchange
mailing list