BreachExchange mailing list archives
Emuparadise gaming emulator website suffers data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 10 Jun 2019 08:51:23 -0500
https://www.zdnet.com/article/emuparadise-gaming-rom-repository-suffers-data-breach/ Retro gaming website Emuparadise has been involved in a data breach leading to the exposure of 1.1 million user accounts. The security incident took place on April 1, 2018, but has only recently emerged after information from impacted user accounts was provided to HaveIBeenPwned by dehashed.com. According to HaveIBeenPwned, 1,131,229 email addresses, IP addresses, usernames, and passwords were involved in the breach. Given that the passwords were stored as salted MD5 hashes, it is reasonable to consider the credentials as lost and easily cracked. The MD5 algorithm, used to hash passwords, was called "no longer safe" and end-of-life by its developer in 2012 following the severe LinkedIn data breach which led to over 6.4 million passwords being leaked -- and decrypted -- in rapid succession. Emuparadise is a retro gaming forum which used to offer a selection of ROMs for old games on platforms including Atari, Nintendo, and Sony PlayStation. ROMs can be played on emulators for gaming consoles and while emulators are, in themselves, not illegal, sharing copyrighted ROMs is generally considered so (but there is an argument for fair use if you are ripping a ROM from a title you own). In order to stay out of copyright trouble, the website operator decided to stop hosting ROMs, but the platform remains a popular outlet for retro gaming fans. Emuparadise' vBulletin forum was apparently the source of the leak. As with any data breach, it is sensible to check to see if you are affected. You can use the HaveIBeenPwned search engine to see if your account was included, and if so, the credentials used for this service should not be used anywhere else. It is best practice to have a unique set of credentials for every online account you use, as when one set of usernames and passwords is compromised, this information could then be used to break into other accounts you own. ZDNet has reached out to Emuparadise and will update if we hear back. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Emuparadise gaming emulator website suffers data breach Destry Winant (Jun 10)