Funcom, makers of The Secret World, The Longest Journey, Age of Conan and Anarchy Online, announced earlier this morning that their forums have been compromised and user data exposed.
In an announcement on their website, Funcom announced that the data breach for the four games above included encrypted passwords, user names and e-mail addresses. “Even though passwords were encrypted, these can be cracked and should be considered compromised,” the company said.
According to the LeakedSource data breach monitoring hub, many of the forum passwords have already been cracked. On the English forums for The Secret World alone, more than 81,000 passwords from nearly 228,000 users had been cracked.
Game accounts are still secure as those were “separate and are stored on different servers using different security systems”. It’s still frustrating for users, however, particularly when the breach was made possible “due to a security fault in the vBulletin forum system”.
Along with other sites that were breached recently, LeakedSource wrote that “not a single website used proper password storage, they all used some variation of MD5 with or without unique salts”. Funcom has reset all passwords for all accounts on the sites affected, and its recommended that users change their passwords elsewhere if that password has been reused. (Which you absolutely shouldn’t be doing, but probably do anyway.)
The breach was revealed just days after the forums for Epic Games and Unreal Tournament were also exposed. Both of those forums were placed into maintenance mode as a result.