With a massive breach in security, information for over one million users from a famous Russia inspired MMO game Stalker Online have been compromised and put on auction.

Stalker Online is a popular open-world MMO game that is based on the book “Roadside Picnic,” written by Arkady and Boris Strutgatsky. The game was developed by a studio in Australia called BigWorld Technology.

Recently, the game fell victim to an online hacker who was able to get varying information from over a million users. The hacker then attempted to sell their information on darknet hacker forums for an undisclosed amount of BitCoin.

The hacker now has access to the users’ passwords, emails, addresses, phone numbers, usernames, and IP addresses. As proof of the hack, the culprit posted a public message on the homepage of the game, threatening to publicly display the information if not contacted immediately. The hacker then posted the auction for the information on a digital storefront that was made available for almost a month. It is unclear at the moment if the information was also set up for sale on other websites.

Stalker Online uses the popular MD5 hashtag algorithm to protect its passwords on the database so that it isn’t displayed in plain text. While that is a viable defense, one of MD5’s weaknesses is extension length time attacks, which break down the encrypted information and reprocess it within a specific timeframe. Cybernews, one of the correspondents for this story, has attempted to reach out to BigWorld technology to help the developers with the accounts most at risk, but has not heard a response yet.

Players that have been affected by this issue are highly recommended to change their password immediately. If the password is similar to other accounts, change those passwords as well. Players may expect certain outcomes from this, such as their accounts being used for ransom or falling victim to targeted phishing attacks. Luckily enough, the database didn’t have users more sensitive information such as credit card numbers or social security numbers. However, let this be a reminder for users to always create unique passwords for all of their different accounts.

Source: Cybernews