Over eight million passwords and email addresses revealed in Gamigo hack info dump

over eight million passwords and email addresses revealed in gamigo hack info dumpFour months after it announced that it had been hacked and that the intruders may have been able to access users’ personal information, millions of usernames, passwords and email addresses from the databases of Gamigo have been released online, an action being described as one of the biggest password dumps ever seen.

The site, based in Germany, announced in March that an “attack on the Gamigo database” had exposed not only “(alias) user names and encrypted gamigo user passwords” but also, possibly, more. “[Our] database was subject to an attack in the last few days,” the site posted in its forums, adding that  “We cannot rule out that the intruder(s) is/are still in possession of additional personal data, although to date we have received no report of any fraudulent use.” With the site employing a micropayment system to create revenue, the threat of “additional personal data” loss  could have been extremely unnerving to some users. “To prevent any unauthorized access to your account, we have reset all passwords for the gamigo Account System and for all gamigo games,” the announcement concluded. And then – nothing, or so it seemed, leading some to believe that the information hadn’t actually been breached after all, and hoping that it was all a false alarm. Sadly, it wasn’t.

A file containing just over eight million unique email addresses was shared via the InsidePro forum on July 6, with the subject line “11М md5 hashlist to dump.” The post itself didn’t give any context for the link, simply asking users to “Please test your dictionaries” and adding “OOPS!, the list should lead to a common mind, and that there is only a first hash, and then type E-mai: hash.” The dump – No longer available for download – was captured by PwnedList owner Steve Thomas, who identified it as the Gamigo information, going on to describe it as “the largest leak I’ve ever actually seen.” He went on to say, “When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.”

The information breaks down to 8,244,000 email addresses, with 3 million accounts coming from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France. In addition to addresses from the more familiar public domains (Gmail, Hotmail, Yahoo!), there were also addresses from corporate addresses from companies including IBM, Allianz, Siemens, Deutsche Bank, and ExxonMobil. More than five thousand of the addresses included the word “gamigo,” suggesting that they were created specifically to sign up for the service. For Thomas, the dump of the passwords isn’t the end of the hack, but the beginning of the fallout. “Now that these full details are out there,” he told Forbes, “we can expect more attempts for accounts to be taken over or used maliciously.” Perhaps it’s time to start changing passwords, just in case.

Home Theater

Kanopy privacy breach reveals which movies members have been streaming

Free video streaming site, Kanopy, has been inadvertently publishing millions of lines of web log data for days, according to a new security report. A bad actor could guess a person's identity and see what they've been watching.
Social Media

A Facebook, Instagram bug exposed millions of passwords to its employees

Facebook, Facebook Lite, and Instagram passwords weren't properly encrypted and could be viewed by employees, the company said Thursday. The network estimates millions of users were affected.
Social Media

New Zealand attack shows that as A.I. filters get smarter, so do violators

The shootings in Christchurch, New Zealand were livestreamed to social media, and while stats show networks are improving at removing offending videos, as the system improves, so do the violators' workarounds.

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.

Edit, sign, append, and save with six of the best PDF editors

Though there are plenty of PDF editors to be had online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or operating system.

Firefox 66 is here and it will soon block irritating autoplay videos

Do web advertisements have you frustrated? Mozilla is here to help. The latest version of the browser will soon block autoplaying videos by default and will also help make web page scrolling smoother.

Patreon is having another go at changing the way it charges creators

Patreon messed up pretty badly the last time it tried to change its payment system. Now it's having another go, though this time the changes mainly affect future sign-ups rather than its current community of creators.
Movies & TV

No TV? No problem. Here's how to watch the Final Four online

Whether you want to watch the Big Dance on your phone or on your smart TV, we have the lowdown on all the ways to watch March Madness you can handle. Grab your foam finger and some nachos.

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. But with so many subreddits to choose from, exploring them can be overwhelming. Here are some of the best subreddits to get you started.

Confused about RSS? Don't be. Here's what it is and how to use it

What is an RSS feed, anyway? This traditional method of following online news is still plenty useful. Let's take a look at what RSS means, and what advantages it has in today's busy world.

Don’t be fooled! Study exposes most popular phishing email subject lines

Phishing emails are on the rise and a new study out by the cybersecurity company Barracuda has exposed some of the most common phishing email subject lines used to exploit businesses. 

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.