What Happened
In July 2018, specifically on July 4, Firefly Studios’ online multiplayer game Stronghold Kingdoms suffered a data breach when an unauthorized party exploited a security vulnerability, compromising approximately 5.2 million accounts (with some sources citing up to 5.8 million). Exposed data included email addresses, usernames, and passwords stored as salted SHA-1 hashes, though no financial information was affected as transactions were handled by third parties; some reports also mentioned IP addresses and in-game details like currency and troops. Firefly Studios quickly patched the vulnerability, reset passwords in some cases, urged users to change them (especially if unchanged since the incident), and later issued a public notice in 2019 after decrypted passwords surfaced online, recommending unique strong passwords and avoiding reuse. The breach was publicly added to databases like Have I Been Pwned in July 2019 and linked to a hacker selling data on the dark web.
