Cyber Incident Victim: FunPlus
Date:
Jan 2017
Location:
China
Summary
A hacker compromised systems of the company behind the mobile game *Family Farm Seaside*, stealing user account information including email addresses, usernames, and game progression data, with over 3.3 million email addresses exposed. The attacker also claimed possession of approximately 16GB of product source code and allegedly attempted to extort the organization, though they denied this motive. The breach was limited to one game, with no passwords or financial information accessed due to Facebook-linked authentication. The company acknowledged unauthorized access to email addresses and urged users to update passwords for accounts associated with their game email. Internal and external security teams were engaged to address the intrusion and mitigate vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early January 2017, an unauthorized individual breached systems belonging to FunPlus, the developer of the mobile game *Family Farm Seaside*, compromising user data and proprietary information. The attacker exfiltrated account details for players of the free-to-play farming simulation game, which reportedly had over 4 million daily users at the time. According to files shared with Motherboard by the hacker, the stolen dataset contained over 3.3 million email addresses associated with player accounts, though not all records included this identifier. Additional compromised information consisted of usernames and game progression details such as farm levels, but no passwords or financial data appeared in the breach, as some authentication relied on Facebook-linked accounts. The hacker also claimed possession of approximately 16GB of product source code stolen from FunPlus. File timestamps indicated the data originated around mid-January 2017. The attacker stated their intent to publicly release the information to expose perceived security deficiencies to FunPlus investors. Motherboard verified portions of the dataset by contacting a affected player, who confirmed the accuracy of their email address and farm level corresponding to the breach timeframe. Some compromised emails were also linked to FunPlus forum accounts.
FunPlus detected the intrusion in January 2017 when the hacker attempted to extort the company, according to Chief Strategy Officer Dan Fiden’s statement, though the attacker denied this allegation. The company engaged internal teams and external security experts to investigate the incident’s scope and remediate vulnerabilities. Their forensic analysis confirmed unauthorized access was limited to *Family Farm Seaside* systems, with no impact on other games in their portfolio. FunPlus determined the breach exposed player email addresses but did not compromise payment details or personally identifiable information beyond emails. Despite this assessment, the company advised users to update passwords for any accounts sharing credentials with their *Family Farm Seaside* email addresses. The investigation corroborated that stolen progression data matched actual player farm levels from the intrusion period, as evidenced by the user verification conducted by Motherboard. FunPlus did not disclose specific containment measures taken beyond collaborating with security professionals, nor did they confirm whether the source code theft allegation was validated during their inquiry.