Cyber Incident Victim: Supercell
Date:
Sep 2016
Location:
Finland
Summary
A cyberattack compromised the community forum of a mobile game developer, resulting in the theft of over one million user accounts containing usernames, email addresses, IP addresses, and hashed passwords. The breach was verified through independent confirmation of email reuse and user validation of account details. The company acknowledged the incident, confirmed it affected only forum services and not game accounts, and implemented corrective measures while urging password resets. The attackers exploited vulnerabilities in the vBulletin forum software, which had a history of security weaknesses. This incident followed prior unauthorized access to the company's social media and administrative systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2016, hackers breached the community forums of Supercell, the developer behind popular mobile games including Clash of Clans. The compromise exposed over 1.1 million user accounts associated with the forum platform. Attackers exfiltrated usernames, email addresses, IP addresses, and hashed passwords stored by the vBulletin forum software. Supercell confirmed the incident after an investigation, stating the breach occurred that month and had since been remediated. The company notified affected users via forum posts, urging them to change their passwords as a precautionary measure. Security researchers at LeakBase, a paid breach notification service, later obtained and circulated the dataset, providing Motherboard with a sample of 100 accounts for verification.
Motherboard validated the authenticity of the stolen data through multiple methods. Journalists attempted to register new forum accounts using email addresses from the sample but found them already registered, confirming the data's legitimacy. Eight users whose details appeared in the breach corroborated their account ownership and verified specific identifiers like usernames. Supercell clarified that the incident exclusively impacted forum accounts and did not compromise game servers or player profiles. The company emphasized its strict security policies while acknowledging the forum breach's severity. This marked at least the second known security incident involving Supercell, following a 2014 compromise where a hacker claimed access to the company’s Facebook page and administrative panel. The vBulletin software’s password hashing method, noted for potential vulnerabilities in prior breaches, was implicated in the exposure.