‘Electronic Arts’ Hit by Massive Data Breach Involving User Records and Source Code
Last updated August 18, 2021
Swedish independent video game company Star Vault released its MMORPG Mortal Online in 2010 and had a fairly successful and large release with a large number of players signing up for the free-to-play game. In 2012, the company’s developers revealed that they were storing user data including passwords in MD5 hashes but did not change their storage methods to secure user data.
On 17th June 2018, third parties accessed the Mortal Online servers and stole a database that contained the MD5 hashes with user data of 569, 703 players. The data has already been sold online multiple times on forums. The developers revealed that credit card information was not affected.
The MD5 hashing function used by Mortal Online is mostly used as a means of verifying data integrity and is effective against non-intentional data corruption. However, it is susceptible to brute force attacks, and the data can be cracked in a matter of seconds.
Popular website Have I Been Pwned which hosts a compilation of all known data breaches has added the Mortal Online leak to the database. Users can use the website to see if they have been affected. According to Have I Been Pwned creator Troy Hunt, he received email addresses and passwords when he got access to the stolen database. He revealed that the MD5 hashes were stolen and cracked soon after the server breach.
While many believe that having a strong password can protect you from hacks, it may not be entirely true. Like in the case of Mortal Online, users with secure passwords were also affected due to negligence and refusal to implement better security for user data.
What do you think about the data breach suffered by Mortal Online players? Let us know in the comments below. Get instant updates on TechNadu’s Facebook page, or Twitter handle.Â