Cyber Incident Victim: ExileMod
Date:
Aug 2016
Location:
United States of America
Summary
A gaming forum for Exile Mod was compromised by hackers using the alias "Expl.oit," resulting in the exposure of nearly 12,000 user accounts containing usernames, emails, encrypted passwords, and activation keys. The stolen data, verified as legitimate, included WordPress PHP-hashed passwords considered difficult to crack, alongside admin emails from unrelated websites and over 8,000 Steam profile links that posed no direct risk to Steam accounts. While the attackers exploited an unspecified vulnerability, forum administrators acknowledged the breach but downplayed password extraction risks, mirroring broader security challenges faced by gaming platforms during this period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
On August 28, 2016, the official website of the Exile Mod gaming forum was compromised by a hacking group identifying as "Expl.oit" or "Exploit," with members @Allergically and @pr0jekkt claiming responsibility. The attackers exfiltrated and publicly leaked the personal data of 11,902 registered users, including usernames, encrypted passwords using WordPress PHP hashing ($P$B), nicknames, email addresses, and user activation keys. The stolen dataset contained 5,246 Gmail accounts and 459 Yahoo accounts among the unique email addresses. HackRead independently verified the breach's legitimacy through collaboration with Hacked-DB, confirming the data was previously undisclosed and hosted on a third-party platform. Analysis revealed the compromised accounts primarily belonged to users who registered in 2015, with additional exposure of administrator-level emails from unrelated websites, including [email protected], [email protected], [email protected], and [email protected]. Over 8,000 Steam community profile links were identified in the leak, though no direct compromise of Steam accounts occurred.
Exile Mod administrator Eichi confirmed the intrusion in an official blog post, asserting the hashed passwords were "extremely hard to extract" due to the WordPress PHP hashing implementation. The breach occurred during a period of heightened vulnerabilities across gaming platforms, with multiple high-profile incidents linked to outdated vBulletin forum software in 2016, though the specific attack vector against Exile Mod remained unidentified. No operational disruptions or additional attacker motives were disclosed beyond the data exfiltration. The incident exposed users to credential-stuffing risks despite password encryption, while the inclusion of administrator emails from external services suggested potential collateral targeting. Hacked-DB researchers emphasized the relative strength of the $P$B hashing mechanism against brute-force attacks, though the exposure of activation keys and associated account details created persistent account security concerns for affected individuals.