8 Million Gamigo Passwords Published by Attackers – Months After Initial Breach

Five months after Gamigo, a German Massively Multiplayer Online Role-playing Game (MMORPG) publisher, suffered a data breach that was said to have exposed millions of accounts, the attackers have confirmed the damage by releasing more than 8 million passwords and email accounts taken during the incident.

In February, Gamigo waned users about an attack on a database housing gamer information. At the time, the gaming developer would not rule out the possibility that the attackers had kept the information they accessed. As it turns out, this is exactly what happened.

After working on the list for months, 8.24 million email and password combinations were published to the Web this week by the attackers, or someone who had access to their cache of hijacked data. The list itself is 11 million records, but almost 6% of those records are duplicates. Just over half of the leaked accounts (3.7 million) are from France and German ISPs, while U.S. based ISPs are listed some 3 million times.

Given the time between the actual breach and publication of the compromised data, Gamigo customers are likely not at risk of having their gaming experience hindered. The problem is that many of them likely use the same authentication across multiple websites.

So the beach at Gamigo could lead to compromised accounts on other domains.

The Gamigo leak makes it one of the largest breaches this year, and earns its place alongside Yahoo, LinkedIn, eHarmony, Phandroid, NVIDIA, Last.fm, and Formspring. The game developer has not issued a statement or posted any public comments on the recently published data.