Cyber Incident Victim: Albion Online

On October 16, 2020, an unauthorized actor exploited a vulnerability in the WoltLab Suite software used by Sandbox Interactive to gain access to the Albion Online forum database. The intrusion resulted in the theft of forum user data, including usernames, email addresses, and encrypted passwords. The compromised passwords were protected using bcrypt hashing with salting, a robust encryption method designed to resist cracking attempts. While the stolen credentials could not directly enable logins to Albion Online’s game servers or the forum itself due to this encryption, Sandbox Interactive warned that users who reused identical email-password combinations across multiple services faced potential account compromise elsewhere. The company detected the breach promptly and initiated an investigation to assess its scope.

Sandbox Interactive publicly disclosed the incident on October 19, 2020, via an advisory post on the Albion Online forum and direct email notifications to affected users. The developer instructed all forum users to reset their passwords as a precautionary measure and confirmed the vulnerability in WoltLab Suite had been patched following the attack. A formal report was being prepared for submission to relevant authorities. Separately, an unverified claim surfaced on hacker forums alleging access to Albion Online’s primary game database and additional sensitive systems, though this post was subsequently deleted without corroboration. Sandbox Interactive did not publicly address this secondary claim within the disclosed timeline. The breach impacted an undisclosed subset of the game’s forum users; Albion Online itself maintained over 2.5 million registered players as of 2020. No evidence suggested game servers or financial systems were compromised during the October 16 intrusion.