Armor Games, the brand behind popular games such as Kingdom Rush, Gemcraft, and Dawn of the Dragons, has confirmed in a letter to its customers that a massive data breach that took place earlier this year compromised public profiles, usernames, login credentials, dates of birth, and hashed passwords of all its website customers.
In February, The Register revealed that over 620 million stolen online accounts had been put up for sale on the Dream Market cyber-souk, a Dark Web marketplace which could be accessed using Tor.
While 162 million accounts were stolen from Dubsmash, 151 million were stolen from MyFitnessPal, 92 million from MyHeritage, 41 million from ShareThis, 28 million from HauteLook, 25 million from Animoto, 18 million from Whitepages, 16 million from Fotolog, 11 million from Armor Games, and 8 million such accounts were stolen from BookMate.
Millions of online accounts account details of millions of people were also stolen from other platforms such as Artsy, CoffeeMeetsBagel, DataCamp, 500px, and EyeEm. The passwords for all online accounts were hashed using the age-old MD5 algorithm and could be decrypted using standard software by those purchasing such accounts on the marketplace.
The Register also noted that accounts stolen from each of the above-mentioned online platforms were stored in separate databases on the Dark Web marketplace that could be purchased by scammers or cyber criminals for less than $20,000 in Bitcoin. Some of these online accounts contained social media authentication tokens and location of users as well but didn’t feature payment card information or other financial details of compromised users.
Data breach compromised all Armor Games user accounts
Recently, Armor Games wrote to all of its customers, admitting that it was indeed a victim of the data breach and that the breach had compromised usernames, login credentials, hashed passwords, dates of birth, and public profiles of ALL website customers.
“This appears to be part of a larger breach affecting 16 companies. We are one of the smaller companies affected, apparently holding less than 2 per cent of the total accounts affected between the 16 companies,” said the gaming brand.
“Nevertheless, the database affected primarily stores all our website users’ public profiles, login data (usernames, email addresses, IP addresses, and hashed passwords), birthdays of our administrative accounts, and information about our password protection processes at the time (including the password salt),” it added.
In the email, Armor Games also asked its website customers to update their passwords immediately and also informed them that it is taking fresh measures to improve security, “including updating our password protection and methods”.
“Armor Games sincerely apologies for the inconvenience and concern this incident may cause, and remains committed to safeguarding the personal information in its care,” it added.