Over 8 million Gamigo user logins leaked months after breach

By on July 23, 2012, 5:30 PM

Millions of user logins swiped from a German gaming company earlier this year have appeared online this month. In February, hackers bypassed the security of free-to-play MMORPG outfit Gamigo, taking over 11 million email addresses and encrypted passwords (though only 8.24 million of the addresses were unique), making it the largest breach of its kind this year, topping June's leak of 6.46 million LinkedIn credentials.

After appearing online this month, security researchers have analyzed the dump, which reportedly includes 3 million US (.com) email addresses, 2.4 million German (.de) addresses, 1.3 million French (.fr) addresses, and 100,000 t-online.de addresses. Users affected by the breach don't really have to worry about their Gamigo account being compromised as the company quickly forced passwords to be reset back in March.

However, folks who used their Gamgio credentials across multiple sites remain at risk and should be extra vigilant about resetting the passwords to those accounts -- especially the email account used on Gamigo. The leak contains addresses for various services including Windows Live Hotmail, Gmail and Yahoo, as well as accounts at companies such as Allianz, Deutsche Bank, ExxonMobil, IBM and Siemens.

ZDNet notes that over 5,000 email addresses were created specifically to register at Gamigo, suggesting those users should be safe, but that's only a tiny fraction of the accounts involved. It's also worth emphasizing that Gamigo protected user passwords with a one-way cryptographic hash algorithm, so complicated passwords may remain secure. PwnedList will tell you if your email address is involved.

User Comments: 3

Got something to say? Post a comment
TomSEA TomSEA, TechSpot Chancellor, said:

Wow...that is brutal. It really leavings one scratching their head how these high-profile companies keep experiencing breach after breach. It's not a novelty anymore - they should know better and have the proper security in place.

gwailo247, TechSpot Chancellor, said:

I know it won't happen in the US, but since the EU likes to get into everyone's business about everything, I'd like to see a commission set up to review these "hacks" and see what exactly happened. And if a company was found to be too lax in their security, especially when it turns out that the rank and file IT workers have been warning about this for a long time, then the company should be fined (into oblivion) if needed. And then the fine should be divided up among the affected users.

Making a person change a bunch of passwords is time consuming, not to mention the fear people have of their information being out in the wild, etc. Even if its $5, that would serve to compensate people for their trouble, rather than just going to line some country's pockets. All this crap is making me become a socialist...bleh.

DjKraid DjKraid said:

# qwailo247 - I agree with you even tho after the fines I would also add a new leadership to the company.

Anyways...I wonder when steam will get hacked :/

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.