With the security incident, a hacker breached the discussion forum used by gamers hosted by Albion Online. The platform is a popular free medieval fantasy ‘Massively Multiplayer Online Role-Playing Game’ (MMORPG), a sub-genera of Massively Multiplayer Online (MMO) video games. The hacker stole usernames and password hashes, leaving users potentially vulnerable.
According to ZDNet, following the unauthorized activity, Albion requested its forum users to reset their passwords via a forum post. In addition emails were sent by the games company out to all impacted users.
Looking at the issue for Digital Journal is Robert Prigge, CEO of Jumio.
According Prigge, the incident in a nutshell can be summarized as: “The breach of Albion Online’s forum, including email addresses and hashed passwords, puts hundreds of thousands of users at risk of being victimized for fraud.”
Prigge notes that this form of password management carries inherent risks: “As hashed passwords can be easily deciphered, cybercriminals can leverage bots and credential stuffing to try these login credentials across countless websites (including banking portals, social media accounts, healthcare sites and more) in search of an opening.”
Prigge also points out that there is more to be done in terms of preventative action, stating: “Albion Online’s response to have users reset passwords is simply not enough to protect customer accounts. It’s time online businesses stop relying on usernames and passwords to protect accounts. A more secure alternative, biometric authentication (leveraging a person’s unique human traits to verify identity), allows online organizations to confirm the authorized user is the one logging in, ensuring their personal data is safe from malicious actors.”