BreachExchange mailing list archives

Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach

From: security curmudgeon <jericho () attrition org>
Date: Mon, 23 Jul 2012 12:42:30 -0500 (CDT)


http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/

Eight Million Email Addresses And Passwords Spilled From Gaming Site 
Gamigo Months After Hacker Breach
7/23/2012
Andy Greenberg, Forbes Staff

Call it a slow leak. Four months after the gaming site Gamigo warned users 
about a hacker intrusion that accessed some portions of its users. 
credentials, more than 8 million usernames, emails and and encrypted 
passwords from the site have been published on the Web, according to the 
data breach alert service PwnedList. The half-gigabyte collection of 
stolen user data was posted to a password-cracking forum Inside Pro 
earlier this month, where it remained online until late last week.

PwnedList founder Steve Thomas downloaded the file prior to its removal 
from the Web and has shared it with me, and I can confirm that it appears 
to be an enormous list of user emails with passwords obscured by 
cryptographic hashes.

"It's the largest leak I've ever actually seen," says Thomas, whose 
startup seeks to track data breaches and alert users when their 
information is published. "When this breach originally happened, the data 
wasn't released, so it wasn.t a big concern. Now eight million email 
addresses and passwords have been online, live data for any hacker to 
see."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.

Current thread:

Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach security curmudgeon (Jul 23)