Star Vault - Mortal Online Hacked
On July 4th, 2018 we received a support ticket by an anonymous user claiming to have obtained access to all databases that belong to a Swedish based game development company known as “Star Vault AB (publ)“. The user, going by the chat handle “Instakilla” (a Penetration Tester, And Web Developer) offered DeHashed a copy of the data to spread awareness of the breach. The user also appears to have complete access to all their content, including source code to all games produced by the company.
The company has issued a Data Breach Notification On June 17th. The note reads:
Data breach notification
On June 17th, 2018 we were notified that our databases might have been breached.At that time, we cut access to the website from the outside and started an investigation.
We brought in an external person to look into what happened, and today we sadly must tell you that we have indeed been breached.
An unauthorized third party gained database access to one of our servers containing the shop and forum databases.
We immediately started working on fixing the vulnerabilities in the website to stop this from happening in the future.We do not store any credit card information on our servers so that information is still completely safe.
The breach has been reported to the authorities, and collected logs have been sent to the police.If you used a password on the forums or in the shop that you use on other sites, then change them immediately!
We also recommend that you change your account passwords.If you have further questions, send us an email at info@starvault.se
This is not the first time the game company has been breached, in February of 2012 they were hit with a massive breach, and once again in April of 2015.
Here’s a full analysis of the breach,
The compromised data includes Usernames, Passwords, Forum Activity, Full Names, Emails, Birth Dates, Gender, Full Address, IP Addresses, Facebook Information and much more. Belonging to a total of 609,485 compromised account.
Passwords are stored in the very unsecure hashing method of MD5.
Top 50 Email Providers – Star Vault
| Email Provider | Count |
|---|---|
| gmail.com | 228587 |
| hotmail.com | 106302 |
| yahoo.com | 56333 |
| mail.ru | 26436 |
| yandex.ru | 10021 |
| live.com | 9223 |
| web.de | 7482 |
| outlook.com | 6399 |
| aol.com | 5728 |
| hotmail.co.uk | 5653 |
| gmx.de | 5569 |
| hotmail.fr | 4932 |
| msn.com | 3675 |
| googlemail.com | 3108 |
| wp.pl | 2905 |
| seznam.cz | 2862 |
| o2.pl | 2661 |
| bk.ru | 2605 |
| hotmail.de | 2560 |
| qq.com | 2343 |
| ymail.com | 2247 |
| hotmail.it | 2234 |
| comcast.net | 2190 |
| yahoo.de | 2165 |
| naver.com | 2155 |
| rambler.ru | 2039 |
| gmx.net | 1813 |
| inbox.ru | 1504 |
| list.ru | 1438 |
| yahoo.co.uk | 1438 |
| live.co.uk | 1407 |
| live.se | 1363 |
| abv.bg | 1228 |
| yahoo.co.jp | 1187 |
| yahoo.com.br | 1153 |
| mail.com | 1146 |
| icloud.com | 1134 |
| live.fr | 1093 |
| live.ca | 1040 |
| rocketmail.com | 1034 |
| live.nl | 1017 |
| yahoo.com.tw | 977 |
| hotmail.es | 971 |
| interia.pl | 965 |
| ya.ru | 956 |
| Gmail.com | 947 |
| yahoo.fr | 924 |
| t-online.de | 911 |
| libero.it | 882 |
| live.de | 868 |
Along with the emails, the poorly hashed passwords that hackers are able to quickly decrypt are included. Here’s an analysis on that:
Most Common Password Analysis – Star Vault
| Password | Count |
|---|---|
| 123456 | 1287 |
| 1q2w3e4r | 344 |
| 123456789 | 311 |
| password | 262 |
| 123123 | 243 |
| 111111 | 229 |
| 123qwe | 217 |
| qwerty | 202 |
| 1qaz2wsx | 188 |
| 12345678 | 175 |
| q1w2e3r4 | 168 |
| dragon | 168 |
| 1q2w3e4r5t | 162 |
| killer | 158 |
| 123321 | 151 |
| mortalonline | 137 |
| 1q2w3e | 136 |
| sharedaccount | 135 |
| qwe123 | 133 |
| 1234qwer | 132 |
| qwer1234 | 130 |
| qwerty123 | 123 |
| dolphin7 | 122 |
| abc123 | 121 |
| starwars | 114 |
| 123qweasd | 110 |
| lol123 | 109 |
| chop123 | 107 |
| Pa$$word | 105 |
| password1 | 102 |
| 12qwaszx | 101 |
| 666666 | 100 |
| P@ssw0rd | 100 |
| 22source12 | 99 |
| master | 99 |
| 1234567890 | 97 |
| 159753 | 95 |
| 1234567 | 95 |
| shadow | 92 |
| qazwsx | 90 |
| 1qazxsw2 | 86 |
| 584511 | 86 |
| abcd1234 | 85 |
| 12341234 | 85 |
| pokemon | 83 |
| asdf1234 | 81 |
| rpk1ng | 80 |
| q1w2e3 | 79 |
| mortal | 78 |
| 121212 | 76 |
In conclusion, Star Vault games seems to have failed to protect it’s users for the 3rd time. They insisted on using weak hashing methods that now leaves their users at a greater risk than necessary. Had they used a better hashing method, users would have been somewhat safer, considering their personal data has been breached and is now being spread across the internet by hackers.
We at DeHashed have obtained a copy of the database, We will be notifying users if they have been affected with the next few hours.