- 569,703 Mortal Online players had their data leaked due to a recent data breach in June, and the login information was sold online in public forums.
- Mortal Online is a popular MMORPG developed by Star Vault and was released in 2010.
- The user passwords were saved as MD5 hashes which is an unsafe method of storing passwords.
Swedish independent video game company Star Vault released its MMORPG Mortal Online in 2010 and had a fairly successful and large release with a large number of players signing up for the free-to-play game. In 2012, the company’s developers revealed that they were storing user data including passwords in MD5 hashes but did not change their storage methods to secure user data.
On 17th June 2018, third parties accessed the Mortal Online servers and stole a database that contained the MD5 hashes with user data of 569, 703 players. The data has already been sold online multiple times on forums. The developers revealed that credit card information was not affected.
The MD5 hashing function used by Mortal Online is mostly used as a means of verifying data integrity and is effective against non-intentional data corruption. However, it is susceptible to brute force attacks, and the data can be cracked in a matter of seconds.
Popular website Have I Been Pwned which hosts a compilation of all known data breaches has added the Mortal Online leak to the database. Users can use the website to see if they have been affected. According to Have I Been Pwned creator Troy Hunt, he received email addresses and passwords when he got access to the stolen database. He revealed that the MD5 hashes were stolen and cracked soon after the server breach.
While many believe that having a strong password can protect you from hacks, it may not be entirely true. Like in the case of Mortal Online, users with secure passwords were also affected due to negligence and refusal to implement better security for user data.