Chinese first-person shooter game community.
In August 2016, the Russian CrossFire gaming community forum (cfire.mail.ru) was hacked as part of a wave of attacks on mail.ru-hosted vBulletin gaming forums (~27 million accounts total across cfire, parap, and tanks). Attackers exploited SQL-injection flaws in the vBulletin Forumrunner add-on on outdated versions. Exposed data included usernames, email addresses, salted MD5 passwords, IP addresses, and dates of birth (~7.7M unique emails for CrossFire). (Note: this is the Russian mail.ru community forum for CrossFire, not a Chinese platform as previously tagged.)
ObscureIQ assessment: Exposure enables account takeover, fraud, phishing, and harassment. Competitive-game and purchase data can also support item theft and cross-platform targeting.
The exposure of usernames, emails, salted MD5 passwords, IP addresses, and dates of birth for ~7.7 million players enables credential-stuffing, account-takeover, identity-verification bypass (via DOB), and targeted phishing.
Cross Fire (cfire.mail.ru) is the Russian community forum for the popular FPS game CrossFire, hosted on the mail.ru platform. It maintained player forum accounts.
Online shooter platforms collect player accounts, emails, purchase history, gameplay activity, device data, and community interactions across live-service gaming workflows.
In August 2016, cfire.mail.ru was breached as part of a wave of attacks on mail.ru-hosted vBulletin gaming forums (also hitting parap.mail.ru and tanks.mail.ru; ~27 million accounts total). Attackers exploited SQL-injection vulnerabilities in the vBulletin "Forumrunner" add-on on outdated installations.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
If you believe your information may be included:
In August 2016, the Russian CrossFire gaming community forum (cfire.mail.ru) was hacked as part of a wave of attacks on mail.ru-hosted vBulletin gaming forums (~27 million accounts total across cfire, parap, and tanks). Attackers exploited SQL-injection flaws in the vBulletin Forumrunner add-on on…
Verified fields include Date of Birth, Email Address, IP Address, Password, Username.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation