“Albion Online” Forums Breached and User Passwords Stolen

Last updated October 20, 2020
Written by:
Bill Toulas
Infosec Writer
Source: Albion Online

Players of the “Albion Online” sandbox MMORPG who were also registered on the game’s forums have had their passwords stolen by a hacker. According to an announcement by the forum’s admins, an intruder was able to gain access to parts of the forum’s database after successfully exploiting a vulnerability. Unfortunately, the information that the hacker managed to access includes user profile data like email addresses, as well as passwords.

On the positive side, all passwords were stored hashed and salted, and the algorithm that is used for this purpose is Bcrypt, so they should be safe. However, those who used particularly weak passwords may run a higher risk than the rest, as these could be easier to break. Payment information and other types of data weren’t included in this breach, so resetting your credentials on the Albion Online platform should be enough for now.

Albion’s forum staff has already plugged the vulnerability that was exploited by the hacker and is currently running additional checks to ensure that nothing like that will happen again in the future. The firm’s IT teams are reviewing the security of other systems besides those that support the forum so that they may identify and proactively fix any holes that could be hiding there.

The flaw was in the WoltLab Suite forum platform that was used in the Albion Online forums, and the quick nature of the fix indicates that updates had previously been neglected. Granted, applying CMS updates, especially for major versions, is not a walk in the park for web admins, but not doing it leaves the door open to hackers.

If you are among the 293 thousand registered forum members, make sure to reset your password there, and do the same on any other online platform where you use the same credentials. You should also note that Albion’s team has taken the dubious decision to send out emails to the affected users, which gives scammers an opening to try their luck at phishing by sending their own emails to the players.

Finally, adding a two-factor authentication step on the platform should be the next move by the admins, and there are quite a few users who are now eagerly asking for it.

Taking part in a forum community can be a fun and rewarding experience, but it’s certainly not a necessity if you just want to play the game. Thus, if you want to have a presence on a game forum, you’d better use a secondary email address that’s not linked to your most valuable assets, and you should be safe.


