A group of hackers going by the online handle of “Expl.oit” or “Exploit” hacked the official website of Exile Mod gaming forum on Sunday the 28th of August 2016 and leaked personal details of 11,902 registered users.
The two hackers from the group @Allergically and @pr0jekkt contacted HackRead with in-depth details about their latest hack but the reason for targeting Exile Mod gaming forum was not given whatsoever.
Other than the data provided by the group, we at HackRead also scanned the data for its legitimacy and after assistance from the data notification site Hacked-DB, it’s confirmed that the leaked data is legit and never been leaked on the Internet before. Here’s what Hacked-DB found:
Exploit hacking group posted the stolen data on a third-party website which is still available for public access. The data includes usernames, passwords, nicknames, emails and user activation keys. The total number of unique emails are 11,902 with 5246 Gmail and 459 Yahoo accounts, however, the leaked passwords are encrypted with WordPress PHP hashes ($P$B).
According to Yogev Mizrahi of Hacked-DB, these passwords are not easy to crack while the data belongs to those users who registered on the site in 2015.
“The WordPress password hasher implements the Portable PHP password hashing framework, which is used in Content Management Systems like WordPress and Drupal.”
Other than the aforementioned data the researchers also found some admin accounts of other websites including firstname.lastname@example.org, email@example.com, firstname.lastname@example.org and email@example.com.
Upon further scan, 8,000+ Steam community profile links were also found however that does not impact their accounts on Steam.
In an official blog post, one of the Exile Mod’s admins Eichi acknowledged that the site was hacked yet claimed that “It is extremely hard to extract your password.”
“As you have probably noticed – our website and some other Arma 3 mod websites have been hacked on Sunday the 28th of August 2016. Our database has been compromised. It contained your email addresses and a security checksum of your password. It is extremely hard to extract your password as plain text from these security checksums, but to be 100% certain.”
The year 2016 has been a bad year for the gaming industry. In the last couple of months, several gaming giants including Lifeboat, Dota 2, Grand Theft Auto, Epic Games, and Clash of kings suffered large-scale data breaches due to a security flaw in outdated vBulletin forum software but at the moment it is still unclear what flaw was used by hackers to breach Exile Mod forum.