Emuparadise data breach exposed account info of 1.1 million gamers

Data breaches in the UK costing organisations £2.99 million on average

News / Emuparadise data breach exposed account info of 1.1 million gamers

Emuparadise data breach exposed account info of 1.1 million gamers

Emuparadise, a website offering popular retro games dating back over twenty years to gaming enthusiasts, suffered a major data breach in April last year that compromised profile information of over a million gamers, breach database "Have I Been Pwned?" has revealed.

The breach, that took place in or around 1st April last year, compromised email addresses, usernames, passwords, and IP addresses that were linked to 1,131,229 user accounts. These details were taken by cyber criminals from Emuparadise vBulletin forums but it is believed that the breach did not compromise payment cards or other financial information of gamers.

"In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emupardise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com," said Have I Been Pwned? in a notification published last week.

Emuparadise data breach exposed account info of 1.1 million gamers

While it is not known if Emuparadise detected the breach or informed affected gamers, the gaming platform migrated to a fresh Net64+ server a month after the breach took place to allow gamers to play against each other.

However, several gamers recently enquired about the breach incident on the retro gaming platform's public forum as they were unaware of it. Responding to queries regarding whether the breach did take place, Emuparadise confirmed that the breach indeed took place and in response, it forced every user to change their password.

"We didn't announce it publicly but we forced everyone to change their password. And we enforce that measure twice every year. This is old news. Old news as in the owner was aware of it and so were staff. It was reported but not publicly," Emuparadise said.

ALSO READ: Credential-stuffing attack compromises Dunkin' Donuts member accounts

The following two tabs change content below.

Jay Jay

Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!