Retro gaming website Emuparadise has been involved in a data breach leading to the exposure of 1.1 million user accounts.
The security incident took place on April 1, 2018, but has only recently emerged after information from impacted user accounts was provided to HaveIBeenPwned by dehashed.com.
According to HaveIBeenPwned, 1,131,229 email addresses, IP addresses, usernames, and passwords were involved in the breach.
The passwords were stored as salted MD5 hashes.
The MD5 algorithm, used to hash passwords, was called "no longer safe" and end-of-life by its developer in 2012. This statement followed the severe LinkedIn data breach which led to over 6.4 million passwords being leaked -- and decrypted due to SHA-1 -- in rapid succession.
Emuparadise is a retro gaming forum which used to offer a selection of ROMs for old games on platforms including Atari, Nintendo, and Sony PlayStation. ROMs can be played on emulators for gaming consoles and while emulators are, in themselves, not illegal, sharing copyrighted ROMs is generally considered so (but there is an argument for fair use if you are ripping a ROM from a title you own).
In order to stay out of copyright trouble, the website operator decided to stop hosting ROMs, but the platform remains a popular outlet for retro gaming fans. Emuparadise' vBulletin forum was apparently the source of the leak.
As with any data breach, it is sensible to check to see if you are affected. You can use the HaveIBeenPwned search engine to see if your account was included, and if so, the credentials used for this service should not be used anywhere else.
It is best practice to have a unique set of credentials for every online account you use, as when one set of usernames and passwords is compromised, this information could then be used to break into other accounts you own.
ZDNet has reached out to Emuparadise and will update if we hear back.
Previous and related coverage
- Massive Quest Diagnostics data breach impacts 12 million patients
- One of New York's largest nonprofits suffers data breach
- Fortune 500 company leaked 264GB in client, payment data
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0