
Gamigo Hack Leaks Eight Million Accounts

This article is over 12 years old and may contain outdated information

Four months after the site was compromised, a huge number of Gamigo user names and encrypted passwords have found their way to the web.

Gamigo is a German online game company that tends to hang out on the more casual side of town, so you’d be forgiven for not noticing, or not remembering, the March intrusion into its user database. But it was a big one, and four months down the road more than 8.2 million unique email addresses and 11 million encrypted passwords taken in the attack have turned up on hacking site Inside Pro.

“It’s the largest leak I’ve ever actually seen,” PwnedList founder Steve Thomas told Forbes. “When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.”

The archive has since been removed (although not before Thomas had a chance to download it himself and check it out) and the good news is that the passwords were hashed. The bad news is that the hashing likely won’t hold up forever; less than a half-hour after it went up, another Inside Pro forum user posted a message implying that he had already cracked 94 percent of the passwords. It’s impossible to verify the accuracy of the statement but it’s a virtual certainty that somebody, somewhere is hard at work on breaking the hashes.

There’s also no official confirmation yet that this file does in fact contain the information taken during the Gamigo intrusion, although Thomas said that roughly 5000 of the email addresses contain the word “gamigo,” suggesting that they were created specifically for registering with the site. Gamigo itself said that the file appears to contain “no new data” but added, “The republication of the stolen data serves as a strong reminder of the need for vigilance and ongoing critical review of our procedures and policies.”

It’s not necessarily a big deal for Gamigo users, since the site issued a notification of the attack and reset all passwords immediately following the breach. The real security risk lies among those who reuse passwords for multiple sites or services. Because of that, people who have used their Gamigo passwords for other sites are strongly urged to change them as soon as possible.

Source: Forbes
