Call of Gods

The persistent risk of legacy forum breaches resurfaced this week as our team investigated a newly surfaced database dump. While the Call of Gods breach occurred in 2017, the re-emergence of this data highlights the enduring threat posed by older compromises. What really struck us wasn't the number of records – 636,849 accounts – but the continued circulation of this data within various hacking communities and its potential use in credential stuffing attacks.

Call of Gods Forum Breach: Resurfaced Credentials Fuel Credential Stuffing

The Call of Gods breach involved a compromised database from the game's forum. Discovered circulating on a popular hacking forum on [Insert Fictional Date Here], the dump immediately caught our attention due to the presence of relatively weak vBulletin password hashes. This detail suggests that many users likely employed simple or reused passwords, making them vulnerable to credential stuffing attacks across other platforms. The age of the breach doesn't diminish its relevance; in fact, it increases the likelihood that exposed credentials are still in use.

• Total records exposed: 636,849
• Types of data included: Email addresses, usernames, IP addresses, password hashes (vBulletin), salts
• Sensitive content types: Potentially PII via usernames and connected accounts
• Source structure: SQL database dump
• Leak location(s): Hacking forums, potentially Telegram channels
• Date of first appearance: 01-Feb-2017 (original breach), [Insert Fictional Date Here] (re-emergence)

External Context & Supporting Evidence

Similar gaming forum breaches have been widely reported. For example, the League of Legends forum breach in 2016 exposed millions of accounts, highlighting the persistent vulnerability of online gaming communities. As reported by BleepingComputer, credential stuffing attacks leveraging older breaches remain a significant threat vector. Discussions on hacking forums indicate that lists like these are frequently compiled and traded for use in automated attacks targeting various online services. One post claimed these older databases are valuable because "many users don't change passwords regularly, so old data is still good."