Critical

RuneScape Boards Breach - 222K Accounts Exposed

In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.

Overview

In 2011, the now-defunct RuneScape Boards (RSBoards) forum suffered a data breach that exposed over 222,000 user accounts. The vBulletin-based platform, popular among RuneScape fans for community discussions, was compromised, leading to the theft of email addresses, passwords, usernames, names, and IP addresses. The stolen data was later redistributed as part of a larger compiled breach corpus. Affected users can verify their exposure on Have I Been Pwned.

What Was Exposed

The breach leaked multiple categories of sensitive data:

  • Email Addresses - 222,762 unique accounts
  • Passwords - stored as salted MD5 hashes (a notoriously weak hashing algorithm that is easily cracked with modern hardware)
  • Usernames - directly tied to individual RuneScape identities
  • Names - potentially full real names
  • IP Addresses - used to identify user locations at the time of registration

The combination of email addresses and easily crackable password hashes makes this breach especially dangerous for affected users.

Account Takeover Risks

The primary threat from this breach is account takeover. Salting provides some protection, but MD5 is a fast hash that is considered broken for password storage, because cracking tools like Hashcat can test candidate passwords against it at very high speed. Attackers can crack these hashes and use the resulting credentials to access accounts on other platforms. Since many users reuse passwords across services, this breach acts as a stepping stone to compromise email, social media, and even financial accounts. Affected users should immediately change passwords on RuneScape Boards and any other accounts that share the same password.

Identity Theft Risks

Exposed IP addresses and real names compound the risk. With IP addresses, attackers can approximate geographic location, while names help build a more complete profile for identity theft. Despite the age of the breach, the data could be used in targeted phishing campaigns, as seen in other breaches from the same era. For instance, similar incidents involving forum leaks have demonstrated that old data is often combined with new leaks to create convincing impersonations.

What to Do Right Now

  1. Check if you’re affected: Visit Have I Been Pwned and search your email address.
  2. Change passwords: If you used the same password on RuneScape Boards and other sites, change those passwords immediately. Use unique, complex passwords for each service.
  3. Enable two-factor authentication (2FA): Add 2FA to all accounts that support it, especially email and financial services.
  4. Watch for phishing: Be suspicious of unsolicited messages referencing RuneScape or forum activity. Attackers often use breach data to craft believable phishing attempts.
  5. Check for password reuse: Use a password manager to audit your accounts and identify reused passwords.

How to Check If You’re Affected

The easiest way to check is via Have I Been Pwned. Enter the email address you used on RuneScape Boards. If it appears in the breach, follow the remediation steps above. Note that because the breach occurred in 2011, users who have since changed their email may need to check old addresses. No direct verification tool exists for RuneScape Boards as the forum is now defunct.

Security Insight

This breach illustrates a recurring issue in the gaming industry: forums using outdated, insecure authentication practices. The use of salted MD5 in 2011 was already considered weak, yet it persisted. This incident also serves as a stark reminder that breaches do not expire - data from 2011 remains for sale and circulation today, making it a long-term threat to affected users. The lack of any forced password reset or disclosure at the time of the breach compounds the risk, as many users likely remained unaware for over a decade.
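
One way a site still holding salted MD5 hashes can retire them, shown as an added example that is not from the original report or the forum's code: stored hashes are wrapped in PBKDF2 without needing the plaintext, then replaced with plain PBKDF2 at the next successful login. The md5(md5(password) + salt) layout, the record field names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware

def legacy_hash(password: str, salt: str) -> str:
    # Assumed legacy layout: md5(md5(password) + salt), hex-encoded.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def stretch(secret: str, salt: bytes) -> str:
    # Slow, salted KDF from the standard library.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS).hex()

def wrap_legacy(record: dict) -> dict:
    # Bulk migration: needs no plaintext, so it also covers dormant accounts.
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2-md5", "md5_salt": record["salt"],
            "kdf_salt": kdf_salt.hex(), "hash": stretch(record["hash"], kdf_salt)}

def verify(record: dict, password: str) -> bool:
    # Checks a login; on success a wrapped record is rewritten as plain PBKDF2.
    if record["scheme"] not in ("pbkdf2-md5", "pbkdf2"):
        return False  # raw MD5 records must be wrapped before they are accepted
    kdf_salt = bytes.fromhex(record["kdf_salt"])
    if record["scheme"] == "pbkdf2":
        secret = password
    else:
        secret = legacy_hash(password, record["md5_salt"])
    ok = hmac.compare_digest(stretch(secret, kdf_salt), record["hash"])
    if ok and record["scheme"] == "pbkdf2-md5":
        new_salt = os.urandom(16)
        record.clear()  # drop every trace of the MD5-derived value
        record.update(scheme="pbkdf2", kdf_salt=new_salt.hex(),
                      hash=stretch(password, new_salt))
    return ok

# Constructed sample row, not data from the breach.
SAMPLE = {"scheme": "md5", "salt": "a1B",
          "hash": legacy_hash("correct horse", "a1B")}

if __name__ == "__main__":
    rec = wrap_legacy(SAMPLE)
    print(verify(rec, "wrong"), verify(rec, "correct horse"), rec["scheme"])
```
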
