Popular game creator SuperCell (creator of trending games such as Clash of Clans, Clash Royale, Boom Beach and HayDay) is now facing a massive data breach after it was revealed that the vBulletin forums which belongs to SuperCell has been hacked and according to LeakBase, 1.1 Million forum accounts are stolen and some account information are already traded by the hackers.
On an official statement, SuperCell said that they will take the breach seriously, adding the note that they still ensure the safety of their users, and privacy.
We take any such breaches very seriously and we follow very strict policies when it comes to security. Please note that this breach only affects our Forum service. Game accounts have not been affected.
Note that the hack affects ONLY the vBulletin forums, quite possibly related to an unpatched critical vulnerability made public a number of months ago.
Though it was said that the breach happened in September last year, the forum suggested users to change their passwords.
The hacked data consists of email ID’s, passwords and IP address of the users. It is said that SuperCell uses the vBulletin Forums software which will hash the passwords but unfortunately, the password hashes are not that strong.
As we’ve said before, to provide our forum service we use software from vBulletin.com. We’re currently looking into report that a vulnerability allowed third party hackers to gain illegal access to some forum user information, including a number of emails and encrypted passwords. Our preliminary investigation suggests that the breach happened in September 2016 and it has since been fixed.
To make sure your account is not being accessed without your knowledge, please change the password you are using on this forum as soon as possible. You can reset your password here: https://forum.supercell.com/login.php?do=lostpw
We also strongly advise you to change the password in any other systems you are using with the same login. As a general guideline, matching credentials should not be used on multiple sites.
We apologise for the inconvenience this has caused.
PSA: Make sure to change your online account passwords regularly in order to be safe, at most times.