Close
Sections
Avast Blog ‘Clash of Clans’ Supercell forum hacked

‘Clash of Clans’ Supercell forum hacked

Deborah Salmi 24 Jan 2017

Hackers break into out-of-date software and steal user email addresses, passwords, and other data to sell on the Darknet.

Hackers broke into the Supercell gamers’ forum and got away with forum user information including email addresses, simply hashed passwords, usernames, and IP addresses. Supercell created the popular games Clash of Clans, Clash Royale, Boom Beach, and Hay Day. Motherboard reports that the breach affected 1.1 million accounts.

An official statement from Supercell said, “Our preliminary investigation suggests that the breach happened in September 2016 and it has since been fixed.” They assured users that “…this breach only affects our Forum service. Game accounts have not been affected.”

Hackers used a vulnerability in the out-of-date vBulletin software used to host the Supercell forum. It’s an unfortunate lesson that we can all learn from: Make sure your software has the latest patches and apply all updates.

What the hackers do next is what concerns security experts. Jan Sirmer, senior malware analyst at the Avast Threat Labs, says that information from hacks like this can either be used by the hackers themselves or sold on the Darknet for other cybercriminals to abuse. “Account log-in credentials can be sold on the Darknet for anywhere between $5 and $100, depending on the Bitcoin exchange rate,” Sirmer said. “As many people use the same log-in credentials to log in to online services, hackers try to use login credentials they buy to gain access into other accounts.”

Online gamers are vulnerable because they provide their data to third parties, but the same is true for everyone who uses any online service. It was a little over a month ago that Yahoo admitted that billions of account holders' personal data was stolen in 2013. That was after 500 million user accounts were hacked in 2014. Everyone was advised to change their passwords.

Added Sirmer, “It's vital that you use unique passwords to keep the data in all of your online accounts safe. I recommend using a password manager, like Avast Passwords, because it not only makes creating unique and long passwords for all of your accounts, but it also alerts you if your email address is associated with a hack, so that you know you need to change your passwords."

Supercell forum users can reset your password here:  https://forum.supercell.com/login.php?do=lostpw

Clash of Clans image from Google Play

Related articles

Learn how to protect elders from tech support scams

Join Avast's Avast's Christopher Budd at the National Council on Aging's Age+Action Conference to learn how to protect elders from tech support scams.

4 Jun 2021 min read

Insurer against ransom payments gets hit with ransomware

Avaddon ransomware group targeted Asia-based insurer AXA with DDoS attacks and ransomware just a week after the insurance company announced it was dropping support for ransomware payments in France.

21 May 2021 min read

SMBs need to take immediate action on Microsoft Exchange vulnerabilities

The Microsoft Exchange patches have led to exploitation of major vulnerabilities. What all small and medium sized businesses (SMBs) need to do immediately.

8 Mar 2021 min read

Subscribe to our newsletter

Subscribe

Most popular

Video: Accept all cookies? A recipe for online privacy this holiday season

11 Dec 2023

How to use Discord’s ‘Family Center’ to help protect your child

24 Jul 2023

The hidden pitfalls of travel apps

13 Jul 2023

Avast researchers uncover disturbing crowdfunding scheme

28 Jun 2023

Your essential cybersecurity checklist for safe summer travel

14 Jun 2023
Logo Avast Footer

1988 - 2024 Copyright © Avast Software s.r.o. | Sitemap Privacy policy

--> -->