The database with account information and the official lwa le forum Lord of the Rings Online appeared without credentials accessible via the internet. Also was the forum vulnerable to sql injection. Developer Turbine has both been taken offline.
User ‘freundlich’ of the unofficial LotroCommunity forum discovered that the account database of the mmog Lord of the Rings Online susceptible for sql injection attacks. The database for both the game and the official forum used and contains usernames, md5 password hashes, ip addresses and personal data. There would also be payment information available are. User Amrundir discovered that the database also via the internet accessible for everyone.
The user has the leak reported at developer Turbine, which the database and the forum offline for a week. Via Twitter reports Turbine, just that the forum is currently not available. Also the forums of Asheron’s Call and Dungeons & Dragons Online, which is also from the stable of Turbine, are not currently available.
Turbine introduced in december 2009, the expansion Siege of Mirkwood and took a new communitywebsite in use. At this new website were gamers forced to use the same username-password combination to use for the game and the forum, something for which the developer criticism got to endure. Turbine took on June 1, the management of the European LotrO servers from Codemasters and added this together with his American servers and services.
