Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

33 million records exposed after the Evony data breach

The website and the forum of the Evony gaming company were hacked this summer and as a result 33 Million of its gamers have their data compromised. Data of more than 33 million accounts of the Evony gaming company were stolen as result of a data breach occurred in June. Evony is the company that […]

33 million records exposed after the Evony data breach

The website and the forum of the Evony gaming company were hacked this summer and as a result 33 Million of its gamers have their data compromised.

Data of more than 33 million accounts of the Evony gaming company were stolen as result of a data breach occurred in June. Evony is the company that developed the popular game Evony: Age II, that is played by more of 18 Million gamers in over 167 countries. Hackers breached the website of Evony gaming firm accessing 33,407,472 records of registered user accounts.

Two months later, on August, the website was breached again, at that time hackers compromised the Evony forum exposing data of 938,000 registered accounts.

The data breach notification service LeakedSource obtained a copy of the huge archive and published a detailed analysis of the leaked data.

“Gaming company Evony was hacked for a total of 33,407,472 users from its main game database in June of 2016. Earlier this year in August we discovered their forums were also hacked for 938k users.” states a blog post published by the company.

“Each record contains a username, email address, password, and ip address among other internal data fields. Users can now get notified any time they appear in a breach. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.”

Each record includes username, email address, password, and IP address and other internal data. The password were stored in unsalted MD5 and SHA-1 (Secure Hash Algorithm 1), this means that for hackers it is quite easy to decrypt them.

“Passwords were stored using unsalted MD5 hashing which means at this point we have cracked most of them. Surprisingly they also stored the passwords in unsalted SHA1 next to the MD5 which makes no sense but anyway” continues the post.

evony-top-passwords

123456 was the most used password on the gaming site, this is the demonstration that users are a low perception of cyber threats and lack of awareness on a proper security posture online.

A look to the top email domains reveal that @Yahoo.com was one of the most popular, followed by @hotmail.com.

evony-top-emails

At the time I was writing it is not clear is the Evony company has alerted its registered users.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Evony data breach, hacking)