Hot on the heels of the breach of popular gaming site DLH, which is still being denied by the site staff, another set of gaming forums have been compromised through the use of a vulnerability in the vBulletin software. Funcom has posted a warning to players of all of it’s games (The Secret World, Anarchy Online, Age of Conan, Longest Journey) that forum account data has been accessed by a third party. This includes email addresses, user names, encrypted passwords and came at the hands of a security flaw in the company’s vBulletin forums.
It’s unclear whether the breaches are linked, or if the vulnerabilities used are one in the same, but given that the hacker who compromised DLH also compromised other forums, it seems likely. As of writing, Funcom has patched the issue and instigated a site-wide reset of all user passwords in an attempt to prevent further data leakage.
We regret to inform you that the data breach includes e-mail addresses, user names, and encrypted passwords associated with forum accounts on these forums. Even though passwords were encrypted, these can be cracked and should be considered compromised. It is important to note that forum accounts and game accounts are separate and are stored on different servers using different security systems. Game accounts have not been compromised.
The breach was possible due to a security fault in the vBulletin forum system. This security fault was corrected on our forums on August 19th, 2016, but we are unable to determine exactly when the data breach occurred prior to the fix.
