Data of 1m Users Lost in EmuParadise Breach
Community members have taken to social media to share the news that the accounts of more than 1 million gamers were reportedly leaked after EmuParadise suffered a data breach, according to multiple reports.
Some of those impacted by the data breach of the retro gaming site, which used to host ROM, said that over the weekend, they started receiving notices that their accounts had been compromised in a data breach.
“The retro gaming website EmuPardise was breached in April 2018. The vBulletin forum exposed 1.1m email addresses, IP address, usernames and passwords stored as salted MD5 hashes. 71% of addresses were already in @haveibeenpwned,” haveibeenpwned.com tweeted.
The site boasts “a huge community, a vast collection of gaming music, game related videos (movies, fmvs, etc.), game guides, magazines, comics, video game translations and much much more!” Infosecurity has contacted EmuParadise and will update if the company responds.
“We know even less about this breach than most. We know the source of the database, and the fact that it exists, but there are no details about how the incident occurred,” said Tim Erlin, vice president of product management and strategy at Tripwire. "It’s been well understood that MD5 is insecure for more than a decade, and its weaknesses have been actively exploited. Despite these known issues, MD5 has persisted for a long time.”
“It would be extremely rare to see new applications making use of MD5 for secure hashing. The problem is that there are so many legacy systems out there, following the modernized adage ‘if it ain’t down, don’t touch it.’ Until these applications are replaced, or the underlying infrastructure stops supporting MD5, we’ll continue to see this type of persistence.”
Source: Information Security Magazine