Supercell, the company behind the super-popular mobile game Clash Royale, suffered a breach in September that might have exposed its users.
A community manager announced on the firm’s forums that hackers managed to breach the website with a vulnerability last fall, but while they indeed gained access to user accounts, game accounts were still secure. Emails and encrypted passwords were exposed and no other data was stolen.
“We’re currently looking into report that a vulnerability allowed third party hackers to gain illegal access to some forum user information, including a number of emails and encrypted passwords. Our preliminary investigation suggests that the breach happened in September 2016 and it has since been fixed,” the parent company said.
No game data compromised
No hacker or group claimed the attack so far, and it’s not yet clear how many accounts were actually compromised, but Supercell says that all users should change their passwords as soon as possible.
“Game accounts have not been affected. To make sure your account is not being accessed without your knowledge, please change the password you are using on this forum as soon as possible. We also strongly advise you to change the password in any other systems you are using with the same login. As a general guideline, matching credentials should not be used on multiple sites,” the announcement reads.
And while at first glance you might not be tempted to believe that it’s worth changing your passwords because hackers wouldn’t get access to sensitive details anyway, you should do that as soon as possible especially if the same password is used for other services as well.
Hackers often try stolen passwords with the most popular online services, including Google and Yahoo, so this breach could affect users beyond the Clash Royale forums.
If you want to reset your Clash Royale forum account, go here to do this, but keep in mind that if the same password is used elsewhere, you must change it there as well.