Latest data breach on Evony gaming company results in 33 million users accounts stolen and this attack carried out in June. You might heard of Age II a popular game which is being played by more than 20 Million gamers in over 167 countries. Somehow hackers were able to find vulnerability in Evony gaming firm result in accessing 33,407,472 records of their users.
No that’s not the end of story! Two months later, on August, the website were targeted again and this time hackers compromised the Evony forum exposing data over 938k registered accounts
The data breach notification service LeakedSource obtained a copy of the huge archive and published a detailed analysis of the leaked data.
“Gaming company Evony was hacked for a total of 33,407,472 users from its main game database in June of 2016. Earlier this year in August we discovered their forums were also hacked for 938k users.” states a blog post published by the company.
“Each record contains a username, email address, password, and ip address among other internal data fields. Users can now get notified any time they appear in a breach. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.”
They were able to export usernames, emails, passwords (MD5 and SHA-1) along with IP Addresses with more description. Cracking MD5 Hashes is not quite complicated at all there are many open source tools that might help hackers decrypting those Hashes.
“Passwords were stored using unsalted MD5 hashing which means at this point we have cracked most of them. Surprisingly they also stored the passwords in unsalted SHA1 next to the MD5 which makes no sense but anyway” continues the post.
The most used password were 123456. And most popular email domain were @Yahoo.com followed by @hotmail.com.