Cyber Incident Victim: FeverClan

On September 28-29, 2016, the gaming community FeverClan experienced a data breach involving its website, feverclan.com. The incident was first publicly disclosed via Twitter on September 29, when user @Allergically posted about the hack, attributing it to another user, @pr0jekkt. @Pr0jekkt claimed responsibility in a subsequent tweet, stating they had "shelled the site and dumped the dab a base," indicating unauthorized access to FeverClan's systems and exfiltration of its database. The compromised database reportedly contained information on over 50,000 users, including usernames, email addresses, IP addresses, hashed and salted passwords, password dates, user IDs, and virtual currency records ("fevercoins"). FeverClan initially had no public notice about the breach on their website or Twitter account despite active online presence, prompting direct inquiry from DataBreaches.net.

FeverClan's representative Ryan Rosso (alias "Bogo") confirmed the breach within hours of being contacted, acknowledging one of their databases had been compromised. The organization implemented precautionary security measures and posted an official notice on their website emphasizing transparency. This notice clarified that stolen passwords were hashed and salted, not stored in plaintext, but confirmed email addresses and other user data were exposed. FeverClan attributed the breach to a potential vulnerability in Vbulletin software that had been exploited days earlier, though they did not provide definitive forensic confirmation. Their response included hardening website security and updating all plugins to prevent further exploitation. The public notice directed affected users to a forum for questions, but no additional details about user notifications or regulatory disclosures were provided in the source material.