The forum of Albion Online, the popular free medieval fantasy MMORPG was breached and usernames and password hashes were stolen.
Sandbox Interactive GmbH, the company behind Albion Online revealed the breach stating that the intruder managed to access forum user profiles, which include the email addresses connected to those forum accounts.
The German game maker said that the passwords were hashed with the Bcrypt password-hashing function and then salted with random data to make it harder for attackers to reverse and crack the password.
They said that the passwords cannot be used to log in to the account, the website or the forum. The only possibility is that they could be used to identify accounts with particularly weak passwords.
The users who used the same emails and passwords for both their game and forum account are at particular risk.
Due to the breach, the game maker advises all forum users to reset passwords via a forum post on Saturday, and emails delivered to all impacted users.
The total number of users affected were not revealed by the company.
Sandbox Interactive said the intruder made use of a now patched vulnerability in its forum platform, known as WoltLab Suite. They are now preparing a report about the security incident to provide to authorities.
Albion Online which was launched in July 2017 is available as a free-to-play game for Windows, macOS, Linux, iOS, and Android.
The game has over 2.5 million players, while the Albion Online forum lists 293,602 registered members.