Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

8 Million Gamigo Passwords Published by Attackers – Months After Initial Breach

Five months after Gamigo, a German Massively Multiplayer Online Role-playing Game (MMORPG) publisher, suffered a data breach that was said to have exposed millions of accounts, the attackers have confirmed the damage by releasing more than 8 million passwords and email accounts taken during the incident.

Five months after Gamigo, a German Massively Multiplayer Online Role-playing Game (MMORPG) publisher, suffered a data breach that was said to have exposed millions of accounts, the attackers have confirmed the damage by releasing more than 8 million passwords and email accounts taken during the incident.

In February, Gamigo waned users about an attack on a database housing gamer information. At the time, the gaming developer would not rule out the possibility that the attackers had kept the information they accessed. As it turns out, this is exactly what happened.

After working on the list for months, 8.24 million email and password combinations were published to the Web this week by the attackers, or someone who had access to their cache of hijacked data. The list itself is 11 million records, but almost 6% of those records are duplicates. Just over half of the leaked accounts (3.7 million) are from France and German ISPs, while U.S. based ISPs are listed some 3 million times.

Given the time between the actual breach and publication of the compromised data, Gamigo customers are likely not at risk of having their gaming experience hindered. The problem is that many of them likely use the same authentication across multiple websites.

So the beach at Gamigo could lead to compromised accounts on other domains.

The Gamigo leak makes it one of the largest breaches this year, and earns its place alongside Yahoo, LinkedIn, eHarmony, Phandroid, NVIDIA, Last.fm, and Formspring. The game developer has not issued a statement or posted any public comments on the recently published data.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.