Private World of Warcraft server Light’s Hope has suffered a major data breach, compromising the personal data of forum users including email and IP addresses. After the breach occurred, an email went out to all Light’s Hope users, accusing the project’s management of corruption, selling user accounts to profit from gold farmers.
That accusatory email out back on June 30, and Light’s Hope commented on the breach earlier today, saying that the forums had been the target of a “mass-bruteforcing attack targeting accounts owned by staff.” They took efforts to prevent the attack, but on June 8 “a user account with access to the administrative parts of the forum” was compromised.
Enjoy all the greatest, non-copyright infringing online games with our list of the best free MMORPGs on PC.
The Light’s Hope operations lead says this breach only affected the forums, and not website or game accounts, though “username, bcrypt hashed password, email, and IP addresses were compromised.” Efforts like two-factor authentication are being put in place to prevent similar breaches from occurring in the future.
“We are disgusted that the hackers released the private information of players in full, without any kind of redaction or anonymizing, thereby fully violating those players privacy and exposing them to spam, phishing attacks, and other unwanted attention. This was a poor attempt at discrediting the Light’s Hope Project, however the only victims in this incident are you, the players.”
In the post, Light’s Hope accuses the folks behind rival server Elysium – with “overwhelming certainty” – of orchestrating the breach, and suggests that Elysium has been the victim of a similar, though unrelated breach.
You can head to the wowservers subreddit or the original email if you want to try sorting out the Discord screenshots and conspiratorial accusations for yourself, but this does go somewhat beyond forum drama with a wide swath of private user data on the line. To that end, Light’s Hope says “On behalf of our users, we have submitted the breach to haveibeenpwned.com and the incident has been reported to the FBI’s IC3 center and Germany’s Federal Police (Bundeskriminalamt) Cybercrime division.”
Light’s Hope split from Elysium last year, as members of the project to keep vanilla WoW up and running accused fellow team members of – again – corruption, and misappropriation of project funds. Clearly, the divorce was not an amicable one.
World of Warcraft Classic will provide an official alternative for vanilla servers – eventually – though it’s some distance away and its exact implementation remains unclear.