Over 1 Million Stalker Online MMO Accounts Breached, Data Put on Sale

With a massive breach in security, information for over one million users from a famous Russia inspired MMO gameStalker Onlinehave been compromised and put on auction.

Stalker Onlineis a popularopen-world MMO gamethat is based on the book “Roadside Picnic,” written by Arkady and Boris Strutgatsky. The game was developed by a studio in Australia called BigWorld Technology.

RELATED:Webkinz Hack Leaks Over 32 Million Usernames and Passwords

Recently, the game fell victim to an online hacker who was able to get varying information from over a million users. The hacker then attempted to sell their information on darknethacker forumsfor an undisclosed amount of BitCoin.

The hackernow has access to the users' passwords, emails, addresses, phone numbers, usernames, and IP addresses. As proof of the hack, the culprit posted a public message on the homepage of the game, threatening to publicly display the information if not contacted immediately. The hacker then posted the auction for the information on a digital storefront that was made available for almost a month. It is unclear at the moment if the information was also set up for sale on other websites.

Stalker Onlineuses the popular MD5 hashtag algorithm to protect its passwords on the database so that it isn’t displayed in plain text. While that is a viable defense, one of MD5’s weaknesses is extension lengthtime attacks, which break down the encrypted information and reprocess it within a specific timeframe. Cybernews, one of the correspondents for this story, has attempted to reach out to BigWorld technology to help the developers with the accounts most at risk, but has not heard a response yet.

Players that have been affected by this issue are highly recommended to change their password immediately. If the password is similar to other accounts, change those passwords as well. Players may expect certain outcomes from this, such as their accounts being used for ransom or falling victim to targeted phishing attacks. Luckily enough, the database didn’t have users more sensitive information such as credit card numbers orsocial security numbers. However, let this be a reminder for users to always create unique passwords for all of their different accounts.