Albion Online’s forum database was breached, exposing user passwords and emails


If you’re a user of the Albion Online forums in any capacity, then you’re going to want to take heed of an alert shared in a thread posted this Saturday. Part of the forum’s database has been breached, with the intruder gaining access to user emails and encrypted password information. No payment information was accessed, but those with particularly weak passwords could see the encryption broken by the malicious actor.

According to Sandbox Interactive, the vulnerability that was used to crack the database has already been closed, and additional checks are being run to ensure the integrity of the game’s systems. In addition, the devs will be executing a full security review of all of the backend systems to ensure everything is safe.

In the meantime, users are being strongly urged to change their passwords. And just as an extra precaution, if your forum password is the same as or similar to passwords you use on other sites, you'll likely want to change all of those passwords as well.

source: official forums, thanks to Rick and Panagiotis for the tip

This raises a lot of questions of how actually secure and stable this game is.

In my experience, when this happens it's not only the forum that was compromised.
Highly possible that server files were stolen as well.


I really hate when games like this get hacked because I don’t even remember what my password was in the first place to change it.


There is a big difference between exposing the (plain) password and exposing a salted hashed password. Hackers stole the salted hashed passwords, which are worthless as long as your password was not ‘password123’. You can’t reconstruct the real passwords from the hashes.
Technically the headline of this article is wrong or at least misleading.


Actually, while you can’t directly reverse a salted hashed password, you can use those hashes together with dictionary attacks and other brute force methods to get all passwords that aren’t strong enough. And with computational power becoming increasingly cheaper, brute force attacks are becoming more feasible every day, meaning the strength the password needs to withstand such an attack is ever increasing.

So, if you have an account on that forum, treat your password as compromised and change the password not only on Albion’s forum but also on every other place where you used the same password. Better safe than sorry.