September 27, 2016

8 million passwords posted online from German gaming website Gamigo

(LiveHacking.Com) – The German gaming website Gamigo was hacked in February and over 8. million e-mail addresses and passwords were stolen. The passwords, which were hashed, were dumped on to crypto-cracking forum InsidePro. Now, four months later, underground crypto analysts have broken the hash.

A user on the forum, who claims to have cracked the one-way hash, has decrypted 94% of the passwords. PwnedList,  a tool that allows people to check if their online accounts have been compromised, told Forbes of the decrypted password which contains a huge 8.2 million unique email addresses. Of the 8.2 million, 3 million are from the USA , 2.4 million from Germany, and 1.3 million from France.

For those that aren’t familiar with Gamigo, it is a Massively Multiplayer Online Role-Playing Games (MMORPGs) publisher with a repertoire of 14 client games and five browser-based games. And obviously, it has over 8 million users worldwide.

After the original hack, back in February, Gamigo sent an email to its users which confirmed that there “was an attack on the Gamigo database in which user information, such as alias usernames and encrypted passwords were stolen.” All passwords were then reset for all Gamigo games.

While the decrypted passwords are unlikely to work on the Gamigo site, because of the forced password resets, users should check that they aren’t using the same username and password on any other sites.

In terms of size, this is the biggest cache of passwords stolen this year. Previously this unwanted honor fell to LinkedIn who had over 6 million passwords stolen.