On July 4th, 2018 we received a support ticket by an anonymous user claiming to have obtained access to all databases that belong to a Swedish based game development company known as “Star Vault AB (publ)“. The user, going by the chat handle “Instakilla” (a Penetration Tester, And Web Developer) offered DeHashed a copy of the data to spread awareness of the breach. The user also appears to have complete access to all their content, including source code to all games produced by the company.

The company has issued a Data Breach Notification On June 17th. The note reads:

Data breach notification

On June 17th, 2018 we were notified that our databases might have been breached. At that time, we cut access to the website from the outside and started an investigation.

We brought in an external person to look into what happened, and today we sadly must tell you that we have indeed been breached.

An unauthorized third party gained database access to one of our servers containing the shop and forum databases.

We immediately started working on fixing the vulnerabilities in the website to stop this from happening in the future. We do not store any credit card information on our servers so that information is still completely safe.

The breach has been reported to the authorities, and collected logs have been sent to the police. If you used a password on the forums or in the shop that you use on other sites, then change them immediately!

We also recommend that you change your account passwords. If you have further questions, send us an email at [email protected]

This is not the first time the game company has been breached, in February of 2012 they were hit with a massive breach, and once again in April of 2015.

Here’s a full analysis of the breach,

The compromised data includes Usernames, Passwords, Forum Activity, Full Names, Emails, Birth Dates, Gender, Full Address, IP Addresses, Facebook Information and much more. Belonging to a total of 609,485 compromised account.

Passwords are stored in the very unsecure hashing method of MD5.

Top 50 Email Providers – Star Vault Email Provider Count gmail.com 228587 hotmail.com 106302 yahoo.com 56333 mail.ru 26436 yandex.ru 10021 live.com 9223 web.de 7482 outlook.com 6399 aol.com 5728 hotmail.co.uk 5653 gmx.de 5569 hotmail.fr 4932 msn.com 3675 googlemail.com 3108 wp.pl 2905 seznam.cz 2862 o2.pl 2661 bk.ru 2605 hotmail.de 2560 qq.com 2343 ymail.com 2247 hotmail.it 2234 comcast.net 2190 yahoo.de 2165 naver.com 2155 rambler.ru 2039 gmx.net 1813 inbox.ru 1504 list.ru 1438 yahoo.co.uk 1438 live.co.uk 1407 live.se 1363 abv.bg 1228 yahoo.co.jp 1187 yahoo.com.br 1153 mail.com 1146 icloud.com 1134 live.fr 1093 live.ca 1040 rocketmail.com 1034 live.nl 1017 yahoo.com.tw 977 hotmail.es 971 interia.pl 965 ya.ru 956 Gmail.com 947 yahoo.fr 924 t-online.de 911 libero.it 882 live.de 868

Along with the emails, the poorly hashed passwords that hackers are able to quickly decrypt are included. Here’s an analysis on that:

Most Common Password Analysis – Star Vault Password Count 123456 1287 1q2w3e4r 344 123456789 311 password 262 123123 243 111111 229 123qwe 217 qwerty 202 1qaz2wsx 188 12345678 175 q1w2e3r4 168 dragon 168 1q2w3e4r5t 162 killer 158 123321 151 mortalonline 137 1q2w3e 136 sharedaccount 135 qwe123 133 1234qwer 132 qwer1234 130 qwerty123 123 dolphin7 122 abc123 121 starwars 114 123qweasd 110 lol123 109 chop123 107 Pa$$word 105 password1 102 12qwaszx 101 666666 100 [email protected] 100 22source12 99 master 99 1234567890 97 159753 95 1234567 95 shadow 92 qazwsx 90 1qazxsw2 86 584511 86 abcd1234 85 12341234 85 pokemon 83 asdf1234 81 rpk1ng 80 q1w2e3 79 mortal 78 121212 76

In conclusion, Star Vault games seems to have failed to protect it’s users for the 3rd time. They insisted on using weak hashing methods that now leaves their users at a greater risk than necessary. Had they used a better hashing method, users would have been somewhat safer, considering their personal data has been breached and is now being spread across the internet by hackers.

We at DeHashed have obtained a copy of the database, We will be notifying users if they have been affected with the next few hours.