Wubi

8.24 million Gamigo passwords leaked after hack

Posted

8.24 million Gamigo passwords leaked after hack

By Emil Protalinski for Zero Day | July 23, 2012 -- Updated 15:27 GMT (08:27 PDT)

Summary: Gamigo was hacked back in February but only in July are we seeing the results. More than 8.24 million e-mail addresses and passwords have been leaked after what looks like the biggest security breach of the year (so far).

Months after Gamigo warned its users of a server breach, 8,243,809 user account credentials (e-mail addresses and encrypted passwords) have made their way online. If you've never heard of it, Gamigo is a German online games publisher that focuses on Massively Multiplayer Online Role-Playing Games (MMORPGs) and has so far released 14 client games as well as five browser games. To check whether your account was one of the 8 million that have been compromised, head over to PwnedList, which tells me it just recently finished adding this release to its databases.

So, how did this all start? Sometime in late February 2012, Gamigo was hacked by someone who calls him or herself "8in4ry_Munch3r." The company's website was taken down for an extended period of "maintenance." On March 1, Gamigo sent out the following e-mail to its users:

Dear Community,

As you have all already noticed, our game servers, websites and forums are partially unreachable at the moment. We would like to explain to you what happened and what has been done on our side.

There was an attack on the gamigo database in which user information, such as alias usernames and encrypted passwords were stolen. An excerpt from these was published in the gamigo forums. We detected the attack and are working to the utmost of our resources to repair the damage and determine how it happened.

Your character data, including items, is safely stored on the backup! We cannot rule out that the intruder(s) is/are still in possession of additional personal data, although to date we have received no report of any fraudulent use.

To prevent any unauthorized access to your account, we have reset all passwords for the gamigo account system and for all gamigo games!

The gaming site also offered its users guidance on what to do in the aftermath of the hack.

Please follow the following steps to recover access to your gamigo accounts and get back to playing again:

Step 1: Go to the gamigo Account System https://en.gamigo.com/showlayer/resetpassword and set up a new password for the gamigo Account System. Please make certain that the new password is not the same as the old one!

Step 2: Log in to the gamigo Account System with the new password and go to "My Games." Please select a new, secure password for each of your games.

Step 3: Important: Please also immediately change the passwords for all game forums you visit, to ensure that your data is safe there as well.

A detailed set of instructions on changing your password can be found in our guidelines at http://assets.cdn.gamigo.com/marketing/portal_en/password-help.pdf.

If you have problems, please contact our Support team at https://ticket.gamigogames.de/index.php?languageid=1.

We greatly regret this incident and any inconvenience it has caused to you.

Gamigo then returned to business as usual, and all was well. The hackers behind the attack, however, were far from done. They were hard at work compiling all the pilfered user accounts and passwords.

On July 6, a forum topic on InsidePro titled "11? md5 hashlist to dump" was posted by a user "-=lebed=-":

Free large file hosting. Send big files the easy way!

Please test your dictionaries

OOPS! The list should lead to a common mind, and that there is only a first hash, and then type E-mail: hash

That was at the beginning of July, but we're almost at the end. So, what took so long? Well, the leak was only spotted by PwnedList after they saw the following message from _Laz3r_ on July 16:

@gattaca Also http://gamigo.com got popped back in March, hashes dumped 7/6 on insidepro. About 8m email+hashes. InsidePro Software :: View topic - 11? md5 hashlist to dump

Here we are, a week later, and the breach is now fully public. This means we can take a closer look at what exactly was obtained by the hackers.

The SendSpace link pointed to a 478MB file called "ALL.txt" with over 11 million account credentials. Some 6 percent were duplicates, but the rest were new. The link is dead now, but PwnedList managed to download and index it before it went down. The company gave me this quick analysis of the leak:

  • German accounts: .de: 2.4 million
  • t-online.de accounts: 100,000
  • US accounts: .com: 3 million
  • French accounts: .fr: 1.3 million

The e-mail addresses affect the usual big guys: Microsoft's Windows Live Hotmail, Google's Gmail, and Yahoo Mail. That being said, domains pointing to corporations such as Allianz, Deutsche Bank, ExxonMobil, IBM, and Siemens were also found among the list of compromised user credentials.

The good news is that more than 5,000 e-mail addresses included the name Gamigo, suggesting that they were created specifically to register for the gaming site. Still, that number only represents 0.0006 percent of the total number of e-mail addresses and passwords that were leaked.

While the compromised accounts are unlikely to be useful on Gamigo's sites, since the gaming publisher forced a password reset for all its users, that doesn't mean it can't be used elsewhere. If you use the same e-mail address and password combination elsewhere, make sure to change it there as well.

This breach is bigger than anything we've seen so far this year. In the last few months, there have been a slew of attacks against the following sites: LinkedIn, eHarmony, Last.fm, Yahoo, Android Forums, Billabong, Formspring, and Nvidia, among others.

The largest one was against LinkedIn, which saw the leak of 6.46 million passwords. Gamigo now tops the list.

I have contacted Gamigo about this leak and will update you if I hear back.

http://www.zdnet.com/8-24-million-gamigo-passwords-leaked-after-hack-7000001403/
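The post above describes what PwnedList did with the "ALL.txt" dump before indexing it: parse records in the "E-mail: hash" layout, drop the roughly 6 percent of duplicate lines, and break the addresses down by domain so that organisations could see whether their own users appear. The script below is an added example of that triage, not code from ZDNet, PwnedList or Gamigo; every address and hash in it is constructed for the example (hashes are the MD5 of placeholder strings, not of any real password), and the watch-list domain `corp-example.com` is a hypothetical domain a defender would own.

```python
"""Triage of a leaked "email:hash" credential list (constructed sample data)."""
import hashlib
from collections import Counter


def _md5(s: str) -> str:
    # Used only to build syntactically valid 32-hex-character sample hashes.
    return hashlib.md5(s.encode()).hexdigest()


# Constructed dump: every address and hash here is invented for this example.
SAMPLE_DUMP = "\n".join([
    f"alice@example.de:{_md5('sample-1')}",
    f"bob@example.com:{_md5('sample-2')}",
    f"alice@example.de:{_md5('sample-1')}",      # exact duplicate line
    f"claire@t-online.de:{_md5('sample-3')}",
    f"dan@example.fr:{_md5('sample-4')}",
    f"eve@corp-example.com:{_md5('sample-5')}",  # hypothetical watched corporate domain
    "malformed line without separator",          # rejected by the parser
    "frank@example.com:not-a-hash",              # rejected: not a 32-hex MD5 digest
    f"BOB@example.com:{_md5('sample-2')}",       # same account as line 2, different case
])

HEX_DIGITS = set("0123456789abcdef")


def parse_dump(text):
    """Return (records, rejected): records are (email, md5hex), e-mail lower-cased."""
    records, rejected = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        email, sep, digest = line.rpartition(":")
        digest = digest.strip().lower()
        # Accept only "something@domain:<32 hex chars>"; count everything else as noise.
        if not sep or "@" not in email or len(digest) != 32 or not set(digest) <= HEX_DIGITS:
            rejected += 1
            continue
        records.append((email.strip().lower(), digest))
    return records, rejected


def dedupe(records):
    """Collapse repeated (email, hash) pairs, preserving first-seen order."""
    unique = list(dict.fromkeys(records))
    dup_share = (len(records) - len(unique)) / len(records) if records else 0.0
    return unique, dup_share


def tld_breakdown(records):
    """Count records by the top-level domain of the address (.de, .com, .fr, ...)."""
    return Counter("." + email.rsplit("@", 1)[1].rsplit(".", 1)[-1] for email, _ in records)


def watched_hits(records, watched_domains):
    """Addresses at domains the defender owns; these accounts get a forced password reset."""
    watched = {d.lower() for d in watched_domains}
    return sorted(email for email, _ in records if email.rsplit("@", 1)[1] in watched)


def triage(text, watched_domains):
    """Full pass over a dump: parse, dedupe, per-TLD counts, and own-domain matches."""
    records, rejected = parse_dump(text)
    unique, dup_share = dedupe(records)
    return {
        "parsed": len(records),
        "rejected": rejected,
        "unique": len(unique),
        "duplicate_share": round(dup_share, 3),
        "by_tld": tld_breakdown(unique),
        "watched": watched_hits(unique, watched_domains),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DUMP, ["corp-example.com"]).items():
        print(f"{key}: {value}")
```

Running it on the constructed sample gives 7 parsed records, 2 rejected lines, 5 unique accounts (the case-folded `BOB@` line counts as a duplicate of `bob@`), a 28.6 percent duplicate share, and one hit on the watched domain. On a real dump the watched-domain output is what a security team feeds into its own reset and notification process; the per-TLD counts reproduce the kind of breakdown PwnedList gave above.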

Posted

They've gotten cocky since the Yahoo ones :))

meanwhile, another source says:

Five months after Gamigo, a German Massively Multiplayer Online Role-playing Game (MMORPG) publisher, suffered a data breach that was said to have exposed millions of accounts, the attackers have confirmed the damage by releasing more than 8 million passwords and email accounts taken during the incident.

In February, Gamigo warned users about an attack on a database housing gamer information. At the time, the gaming developer would not rule out the possibility that the attackers had kept the information they accessed. As it turns out, this is exactly what happened.

After working on the list for months, 8.24 million email and password combinations were published to the Web this week by the attackers, or someone who had access to their cache of hijacked data. The list itself is 11 million records, but almost 6% of those records are duplicates. Just over half of the leaked accounts (3.7 million) are from French and German ISPs, while U.S. based ISPs are listed some 3 million times.

Given the time between the actual breach and publication of the compromised data, Gamigo customers are likely not at risk of having their gaming experience hindered. The problem is that many of them likely use the same authentication across multiple websites.

So the breach at Gamigo could lead to compromised accounts on other domains.

The Gamigo leak makes it one of the largest breaches this year, and earns its place alongside Yahoo, LinkedIn, eHarmony, Phandroid, NVIDIA, Last.fm, and Formspring. The game developer has not issued a statement or posted any public comments on the recently published data.
