Cyber Incident Victim: Supercell
Date: Feb 2014
Location: Finland
Summary
A Syrian hacker known as Ethical Spectrum compromised a Finland-based game developer's Facebook pages for popular titles by breaching an employee's email account and then accessing private systems, including a social media management platform. The attacker hijacked official pages, obtained audience and revenue data without accessing financial information, and claimed the intrusion was meant to expose security flaws after his warnings were allegedly ignored. The incident triggered widespread requests from players for fraudulent in-game currency. Secondary impacts included unauthorized access to an Indonesian hosting firm's social media accounts, though it remained unclear whether that firm was aware of the compromise. Security providers and the victim company rapidly revoked platform access to contain the breach.
Description
On February 10, 2014, a Syrian hacker operating under the alias Ethical Spectrum compromised the official Facebook pages for Supercell's popular mobile games Hay Day and Clash of Clans. The attacker gained initial access by breaching the email account of a Supercell employee, exploiting this foothold to infiltrate multiple private company resources. Among these was Engagor, a social media management platform used by the Finland-based game developer to administer its Facebook presence. Through unauthorized access to Engagor's interface, Ethical Spectrum seized control of Supercell's social media accounts. The hacker later revealed he had identified security vulnerabilities and attempted to notify Supercell's CEO via email prior to the attack, but received no response. Supercell detected the breach rapidly and alerted Engagor, whose security team terminated the compromised account access within minutes. Engagor CEO Folke Lemaitre confirmed the intrusion originated from the employee's compromised email credentials rather than a direct breach of Engagor's infrastructure.

The incident resulted in unauthorized access to Supercell's marketing analytics, including audience metrics and revenue statistics, though Ethical Spectrum publicly stated he did not obtain credit card information or financial data. Following public disclosure of the breach, numerous game players began contacting the hacker requesting free in-game currency, overwhelming his email inbox as evidenced by his February 10 Twitter post. The attack also impacted IDHostinger, an Indonesian hosting firm whose Twitter account remained under Ethical Spectrum's control with unauthorized posts still visible days after initial compromise, suggesting the company either hadn't detected or couldn't remediate that breach. While the hacker claimed altruistic motives to improve Supercell's security posture, his actions disrupted social media operations for multiple organizations and exposed vulnerabilities in third-party marketing tool integrations.
