RuneScape Boards Forum Leak Exposes 223k User Emails, IPs, and Password Hashes
What Happened – In December 2011 the now‑defunct RuneScape Boards (RSBoards) forum suffered a data breach that exposed 222,762 unique email addresses, usernames, IP addresses and salted MD5 password hashes. The compromised data resurfaced in 2026 via the Have I Been Pwned (HIBP) breach feed.
Why It Matters for TPRM –
- Legacy forum platforms can still hold credential data that attackers reuse against current services.
- Third‑party community sites may be linked to corporate gaming brands, creating a supply‑chain credential risk.
- Exposure of IP addresses can aid targeted phishing or credential‑stuffing campaigns against partner organizations.
Who Is Affected – Gaming community platforms, SaaS forum providers, and any organization that allowed employees or customers to reuse RSBoards credentials.
Recommended Actions –
- Verify that no current corporate accounts reuse passwords from the RSBoards breach.
- Enforce password‑reset and MFA for any accounts that share email addresses with the leaked list.
- Review credential‑reuse policies across all third‑party services.
Technical Notes – The breach stemmed from a vulnerability/exposure in the vBulletin forum software, resulting in the dump of salted MD5 hashes (weak against modern cracking). Data types leaked: email, username, IP address, password hash. Source: Have I Been Pwned – RSBoards breach