Clash of Clans / Supercell
A Syrian hacker who claims to have hacked into Supercell’s Facebook pages and administrator panel says he/she did it to teach the games company a lesson.
Supercell has confirmed in public posts on Facebook and Twitter that the Facebook pages for its hit games Clash of Clans and Hay Day were indeed “hacked.” Company representatives did not respond to an inquiry about the juicier half of the hacker’s offerings: Screenshots of internal audience and revenue numbers.
Those alleged numbers include 29.4 million daily active users on Feb. 7 and $5.15 million in revenue that day, though it’s not clear if that number is just for Clash of Clans or the company as a whole. The hacker, who goes by the online pseudonym Ethical Spectrum, also provided to Re/code the following screenshot of another daily metrics chart, noting 11.6 million players for an unspecified mobile game worldwide and $1.49 million in revenue that day.
Ethical Spectrum declined to explain how he/she allegedly broke into the company’s metrics, but claimed in an email that Supercell had a chance to stop it.
“I tried to give them the advice of security, but [they] did not give me any attention,” Ethical Spectrum wrote in an email. “So I gave them a lesson. … Before I hack them, I found their CEO email address.”
“No respond = hack,” he/she added.
Even if Supercell CEO Ilkka Paananen did receive and ignore an email from Ethical Spectrum, it’s worth noting that the company offers a more general contact email on its website’s Contact Us page.
Polygon reports that the pages were accessed through a social media management tool called Engagor. Update: Engagor CEO Folke Lemaitre emailed the following statement to Re/code with an explanation:
On February 10th, an unauthorized individual gained access to one of Supercell’s employee’s e-mail account. This e-mail account was subsequently used to gain access to several private sources of information. One of these is the Engagor app, which Supercell uses to manage it’s Facebook page. … Supercell acted quickly on this breach of security and informed Engagor. Engagor responded within minutes by closing down access to the account. At no time Engagor’s security as such was breached.
Lemaitre’s statement suggests that the metrics panel those audience and revenue numbers came from was likely one of the “several private sources of information” connected to the compromised email address.
Via a tweet, Ethical Spectrum denied having had access to Supercell players’ credit card information. The hacker’s Twitter also offers up an entertaining footnote: After choosing to go after a free-to-play game developer, Ethical Spectrum now claims to be inundated with emails begging for virtual currency: