Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

R2Games company breached for the second time in two years, over one million accounts compromised

R2Games compromised for the second time in a few years, more than one million accounts of U.S., France, German, and Russian forums compromised. Once again, the hackers target a gaming firm, the online gaming company Reality Squared Games (R2Games) has been breached for the second time in just two years. The news was reported by the data breach notification service LeakBase […]

R2GAMES data breach

R2Games compromised for the second time in a few years, more than one million accounts of U.S., France, German, and Russian forums compromised.

Once again, the hackers target a gaming firm, the online gaming company Reality Squared Games (R2Games) has been breached for the second time in just two years. The news was reported by the data breach notification service LeakBase who reported that a hacker confirmed that the security breached happened earlier this month.The company developed many games on both iOS and Android operating systems, it currently has 19 online games in its portfolio and claims over 52 million players.R2GAMES data breach

The first incident occurred in December 2015 and went on until July 2016, more than 22 million R2Games accounts were compromised. Hacker accessed usernames, hashed passwords, IP addresses, and email addresses.

This time, the hacker claimed all forums managed by R2Games have been hacked, such as the Russian version of r2games.com.

Data belongs to forums operated by in company in various countries, including U.S., France, German, and Russia. Experts noticed that all the hacked platforms running of the vBulletin CMS whom older version are affected by well-known flaws.

Data compromised in the last breach includes user credentials, email addresses, IP addresses, and other optional attributes, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token).

Hunt identified 1,023,466 unique email addresses, 482,074 were also included in data dumps from other breaches.

The dump includes 5,191,898 unique email addresses, 3,379,071 of them related to mail.ar.r2games.com or mail.r2games.com, remaining 789,361 addresses looked like automatically generated (number]@vk.com addresses).

“When asked about the passwords, Hunt told Salted Hash many of them are MD5 with no salt, but a large number of them have a hash corresponding to the password “admin” and a few hundred thousand others are using the plain text word “sync”.” reported Salted Hash.

“The observation I’d make here is that clearly, they don’t seem to be learning from previous failures. The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying. Perhaps the prior denials are evidence that they just don’t see the seriousness in security,” Hunt told Salted Hash.

The gaming did not respond to requests for comment, R2Games player are invited to change passwords on R2Games forums and for any other service that shares the same login credentials.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – R2Games, data breach)

[adrotate banner=”13″]