Cyber Threat Actor: @Allergically
| Actor Type | Location | Known Incidents |
Sensationalist
|
—
|
1 incident |
|---|
Profile
The threat actor known as @Allergically operated under the alias "Expl.oit" or "Exploit" as part of a small hacking group. This actor collaborated with another individual using the handle @pr0jekkt during the compromise of the Exile Mod gaming forum in August 2016. Their activities demonstrated a focus on breaching online gaming communities, though no explicit motivations were disclosed in their communications with media outlets. The group maintained a public-facing approach by directly contacting cybersecurity journalists at HackRead to detail their exploits and by publishing stolen data on third-party platforms accessible to the public.
The actor's sole publicly documented operation targeted the Exile Mod gaming forum, resulting in the theft of 11,902 user accounts containing usernames, email addresses, encrypted WordPress PHP passwords ($P$B), activation keys, and administrator emails from unrelated websites. While the specific vulnerability exploited wasn't disclosed, the incident reflected broader security challenges within gaming platforms during 2016. The compromised data included over 8,000 Steam profile links, though these posed no direct risk to Steam accounts. Forum administrators acknowledged the breach but downplayed password extraction risks due to the strong hashing implementation. No technical details about tooling, malware, or infrastructure were disclosed, and no affiliations with state actors or criminal organizations were established through available reporting. The operation's public disclosure strategy emphasized notoriety through media engagement rather than overt financial or disruptive objectives.
