The first incident occurred in December 2015 and went on until July 2016, more than 22 million R2Games accounts were compromised. Hacker accessed usernames, hashed passwords, IP addresses, and email addresses.
This time, the hacker claimed all forums managed by R2Games have been hacked, such as the Russian version of r2games.com.
Data belongs to forums operated by in company in various countries, including U.S., France, German, and Russia. Experts noticed that all the hacked platforms running of the vBulletin CMS whom older version are affected by well-known flaws.
Data compromised in the last breach includes user credentials, email addresses, IP addresses, and other optional attributes, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token).
Hunt identified 1,023,466 unique email addresses, 482,074 were also included in data dumps from other breaches.
The dump includes 5,191,898 unique email addresses, 3,379,071 of them related to mail.ar.r2games.com or mail.r2games.com, remaining 789,361 addresses looked like automatically generated (number]@vk.com addresses).
“When asked about the passwords, Hunt told Salted Hash many of them are MD5 with no salt, but a large number of them have a hash corresponding to the password “admin” and a few hundred thousand others are using the plain text word “sync”.” reported Salted Hash.
“The observation I’d make here is that clearly, they don’t seem to be learning from previous failures. The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying. Perhaps the prior denials are evidence that they just don’t see the seriousness in security,” Hunt told Salted Hash.
The gaming did not respond to requests for comment, R2Games player are invited to change passwords on R2Games forums and for any other service that shares the same login credentials.
(Security Affairs – R2Games, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.