[BreachExchange] Clash Royale Forums Hacked but Game Accounts Still Secure

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 20 14:48:39 EST 2017


http://news.softpedia.com/news/clash-royale-forums-hacked-but-game-accounts-
still-secure-511992.shtml

A community manager announced on the firm’s forums that hackers managed to
breach the website with a vulnerability last fall, but while they indeed
gained access to user accounts, game accounts were still secure. Emails and
encrypted passwords were exposed and no other data was stolen.

“We're currently looking into report that a vulnerability allowed third
party hackers to gain illegal access to some forum user information,
including a number of emails and encrypted passwords. Our preliminary
investigation suggests that the breach happened in September 2016 and it
has since been fixed,” the parent company said.

No game data compromised

No hacker or group claimed the attack so far, and it’s not yet clear how
many accounts were actually compromised, but Supercell says that all users
should change their passwords as soon as possible.

“Game accounts have not been affected. To make sure your account is not
being accessed without your knowledge, please change the password you are
using on this forum as soon as possible. We also strongly advise you to
change the password in any other systems you are using with the same login.
As a general guideline, matching credentials should not be used on multiple
sites,” the announcement reads.

And while at first glance you might not be tempted to believe that it’s
worth changing your passwords because hackers wouldn’t get access to
sensitive details anyway, you should do that as soon as possible especially
if the same password is used for other services as well.

Hackers often try stolen passwords with the most popular online services,
including Google and Yahoo, so this breach could affect users beyond the
Clash Royale forums.

If you want to reset your Clash Royale forum account, go here to do this,
but keep in mind that if the same password is used elsewhere, you must
change it there as well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170120/e0d8551e/attachment.html>


More information about the BreachExchange mailing list