July 24, 2012
8 Million Gamigo Passwords Leaked
Michael Harper for redOrbit.com — Your Universe Online
Gaming website Gamigo is the latest web service to have its users' data compromised in a hacking attack. This time, more than 8 million email addresses and hashed passwords have been published online.
According to the site PwnedList, a total of 8 million accounts have been compromised; 3 million of these accounts belong to Americans. The list of compromised accounts was posted to a hacking forum earlier this month and stayed there until it was removed late last week.
Weighing in at an impressive half-gigabyte, the file contained hashed passwords and email addresses and was made available for any hacker to crack.
Steve Thomas, founder of PwnedList, told Forbes, “It's the largest leak I've ever actually seen.”
“When this breach originally happened, the data wasn't released, so it wasn't a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.”
PwnedList tracks these kinds of data breaches and alerts its users whenever their information has been compromised, a service which is becoming increasingly attractive at a time when millions of passwords have already been leaked this year alone.
Gamigo users (or anyone, for that matter) can visit PwnedList.com to see if their data has been compromised.
The passwords in this leak were hashed and not easily read, unlike the passwords leaked in the Yahoo Voices dump. However, in the hands of hackers like those who often visit the Inside Pro forum, these hashed passwords can still be in danger of being cracked. In fact, a Forbes report says a message was posted on the forum which read “found 94%,” implying that the hacker was able to crack nearly all of the passwords. This message was posted within half an hour of the time the half-gig file was posted to the forum.
The German gaming site forced each of its users to change their passwords when the breach was first spotted in March, so it's unlikely this leak will be dangerous to users on Gamigo. However, as is often the case, those gamers who used the same email and password combination for multiple sites could have other accounts compromised as a result of this leak. As such, it's highly recommended that anyone who had a Gamigo account in March change the rest of their passwords, especially if they reused them on sensitive sites, such as banking websites or email.
PwnedList.com found 3 million American email addresses from the likes of Hotmail, Gmail and Yahoo. Furthermore, the data privacy company also found dozens of emails from major corporations such as Allianz, Deutsche Bank, ExxonMobil and Siemens.
The user who posted this file to Inside Pro said they had counted 11 million hashed passwords. Thomas, however, said he only found 8,244,000 unique email addresses in the file, 5,000 of which included the word “Gamigo,” suggesting they were made specifically for the gaming website. In its announcement about the March breach, Gamigo told its users, “We cannot rule out that the intruder(s) is/are still in possession of additional personal data, although to date we have received no report of any fraudulent use.”
“To prevent any unauthorized access to your account, we have reset all passwords for the gamigo Account System and for all gamigo games!”
Now is as good a time as any to review any and all passwords and make sure your passwords aren't shared amongst multiple sites.