
Hacker steals 1.6 million accounts from top mobile game’s forum - expert comment

July 2016 by Ryan Wilk, director at behavioural biometrics firm, NuData Security

Reports are starting to surface saying that a hacker has targeted the official forum
of popular mobile game "Clash of Kings," making off with close to 1.6 million
accounts. The hack was carried out on July 14 by a hacker, who wants to remain
nameless, and a copy of the leaked database was provided to breach notification site
LeakedSource.com, which allows users to search their usernames and email addresses
in a wealth of stolen and hacked data. In a sample given to ZDNet, the database
contains (among other things) usernames, email addresses, IP addresses (which can
often determine the user’s location), device identifiers, as well as Facebook data
and access tokens (if the user signed in with their social account). Passwords
stored in the database are hashed and salted. LeakedSource has now added all
1,597,717 stolen records to its systems.

Comments from Ryan Wilk, director at NuData Security:

"This hack illustrates that the software industry, as a whole, needs to stay
vigilant because PII data continues to be targeted wherever it may live and that
hackers aren’t taking the summer off.

We’ve pointed out time and time again that data breaches don’t occur in a vacuum.
Hackers are making a living by selling this data on the Dark Web, they do it because
they can pay the bills doing it, and what everyone should be asking themselves is
why are folks buying it? Because, that data — your data, my data and everyone’s
data, gets bought for pennies, bundled up into bigger packages (identity sets)
called “fullz”, and used as fuel. Fuel for a much more lucrative project that is
making people even more money, and putting their kids through school. These folks
work for Fraud Inc., and they don’t give a hoot about you, your privacy and your
accounts. They’ll use your stolen credentials and take them over, apply for loans
in your name, grab your refund from the IRS, and order that new Vitamix from your
Amazon account without even thinking about it. Once you’ve fixed that, they’ll
do it again because they know your mom’s middle name and your hometown
high-school. And, most of the time, it goes back to the breach. The infinite feed
source.

That’s why behavioural biometrics analysis is so necessary. Using this
intelligence, fraud can be stopped at any point where there is an authentication
test because the software is so good at determining who’s a real user and who is a
fraudster. Companies using these tools have a much more accurate understanding of
the user, and a lot more options. Fraudsters logging in with your valid credentials
just don’t get through because they don’t behave like you. Period.

Breaches may not be 100% preventable, but it is possible to prevent hackers from
being able to use the data they steal in these incidents, effectively making it
worthless. At the very least, behavioural biometrics and analysis would prevent
fraudsters from taking the Clash of Kings data and leveraging it elsewhere."

