Last updated 3 weeks ago
The RuneScape Boards forum, a vBulletin-based gaming community service now defunct, suffered a data breach around 2011 affecting 223,000 unique user accounts. The breach exposed email addresses, usernames, IP addresses, and salted MD5 password hashes, with the compromised data later redistributed as part of a larger corpus of breached information.
The attack involved unauthorized access to the forum's user database, though the specific initial access vector remains unconfirmed. The vBulletin platform's security vulnerabilities likely contributed to the breach, resulting in the exfiltration of authentication data including salted MD5 password hashes—a cryptographic protection method that was already considered weak by 2011 security standards.
No post-incident developments are documented for this historical breach, as the service has since been discontinued and no regulatory actions, litigation, or remediation milestones were reported following the breach's public documentation.
Data breach of vBulletin-based forum service, later redistributed as part of larger corpus
This breach demonstrates the long-term risks of inadequate password hashing implementations, as salted MD5 was already cryptographically weak when this breach occurred. Gaming communities and forum platforms must implement stronger hashing algorithms like bcrypt or Argon2 and recognize that breached data can resurface years later in aggregated datasets, extending the exposure timeline far beyond the initial incident.
Sign in to join the discussion.
Company
Industry
Location
Records Affected
Attack Vector