More than 2.3 million user records were compromised as two separate gaming companies announced they suffered data breaches.
Digital Extremes, the company behind Warframe, announced that a list of 775,749 email addresses was compromised after an attacker exploited a Drupal SQL exploit that was patched by Drupaltwo weeks after the breach occurred, according to a July 20 post in the company forum.
Separately, a hacker told ZDNet, that they made off with 1.6 million accounts from the official forum the game “Clash of Kings,” by exploiting a known weakness in the forum’s outdated vBulletin software found through dorking, according to a July 22 report.
The hacker provided a sample of the compromised database containing usernames, email addresses, IP addresses, device identifiers, Facebook data and access tokens.
It is unclear if the breaches are connected.
In the operating system arena, most products have auto-update features that check your products and verify that users have the latest version, Contrast Security CTO and Cofounder Jeff Williams told SCMagazine.com via emailed comments.
He said this is type of infrastructure doesn’t exist in the application world so often developers and operations teams are left flying blind.
“At a minimum, we need an infrastructure to notify users,” Williams said. “But even better would be to enable libraries and applications to automatically update themselves when new critical vulnerabilities are discovered.”
By Robert Abel