Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and and encrypted passwordsfrom the site have been published on the Web, according to the data breach alert service PwnedList.
The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, were published earlier this month to a forum on the password-cracking website Inside Pro. According to forbe,"The list also contained 8.2 million unique e-mail addresses, including 3 million American accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France."
Gamigo warned users in early March that an attack on the Gamigo database had exposed hashed passwords and usernames and possibly other, unspecified additional personal data. The site required users to change their account passwords.
PwnedList founder Steve Thomas said, “It’s the largest leak I’ve ever actually seen. When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.
This breach is bigger than anything we've seen so far this year. In the last few months, there have been a slew of attacks against the following sites: LinkedIn, eHarmony, Last.fm, Yahoo, Android Forums, Formspring, and Nvidia, among others.
Gamigo users can check on PwnedList’s site whether their email address is included in the leak.
On March 1, Gamigo sent out the following e-mail to its users:
Dear Community,
As you have all already noticed, our game servers, websites and forums are partially unreachable at the moment. We would like to explain to you what happened and what has been done on our side.
There was an attack on the gamigo database in which user information, such as alias usernames and encrypted passwords were stolen. An excerpt from these was published in the gamigo forums. We detected the attack and are working to the utmost of our resources to repair the damage and determine how it happened.
Your character data, including items, is safely stored on the backup! We cannot rule out that the intruder(s) is/are still in possession of additional personal data, although to date we have received no report of any fraudulent use.
To prevent any unauthorized access to your account, we have reset all passwords for the gamigo account system and for all gamigo games!