If you have an account on Supercell, the company behind popular games like Clash of Clans, Clash Royale, Boom Beach and Hay Day, then it is time to change your password at the earliest. Reportedly, over a million user accounts on Supercell’s community forum have been hacked and data traders are willing to swap the details.
According to an official statement released by Supercell, the breach occurred sometime in September last year. The same statement was also posted on the site’s forums that were affected by the hack. The company, however, has urged its users to change their passwords of all of their accounts.
The hacked data includes usernames, email IDs, hashed passwords and IP addresses. It is being reported that Supercell uses vBulletin forum software which has the tendency of hashing passwords in such a way that it becomes quite easy for hackers to crack them.
LeakBase, a website dedicated to breach notification, claims that the hacked dataset contain around 1.1million accounts. Motherboard verified the data by using the email addresses included in a sample dataset of 100 accounts; when they tried to create new accounts on Supercell using these email IDs, they were unsuccessful because the email address was being used already.
Supercell further stated in its official statement that the company takes data breaches quite seriously and follow strict policies for ensuring the security of user profiles on their website. As per the company, the breach affected their Community Forum service only and the game accounts haven’t been compromised or accessed at all.
It points a glaring flaw in the outdated vBulletin software because this isn’t the first time that a website using this software has been compromised. Previously, Pakistani automotive giant PakWheels, EpicGames, LifeBoat, Grand Theft Auto (GTA) fan forum, Clash of Kings forum and several other forums suffered massive data breaches since they were using the outdated version of vBulletin software.
It is recommended that users must exercise caution and use different passwords to log into their accounts or different sites and forums. This will ensure that their data remains secure on other accounts if one gets hacked.