Millions of user logins swiped from a German gaming company earlier this year have appeared online this month. In February, hackers bypassed the security of free-to-play MMORPG outfit Gamigo and took more than 11 million email addresses and hashed passwords (though only 8.24 million of the addresses were unique). That makes it the largest breach of its kind this year, topping June's leak of 6.46 million LinkedIn credentials.
Security researchers have analyzed the dump since it appeared online this month. It reportedly includes 3 million US (.com) email addresses, 2.4 million German (.de) addresses, 1.3 million French (.fr) addresses, and 100,000 t-online.de addresses. Users affected by the breach don't really have to worry about their Gamigo account being compromised, as the company quickly forced passwords to be reset back in March.
However, folks who used their Gamigo credentials across multiple sites remain at risk and should be extra vigilant about resetting the passwords to those accounts – especially the email account used on Gamigo. The leak contains addresses for various services including Windows Live Hotmail, Gmail and Yahoo, as well as accounts at companies such as Allianz, Deutsche Bank, ExxonMobil, IBM and Siemens.
ZDNet notes that over 5,000 email addresses were created specifically to register at Gamigo, suggesting those users should be safe, but that's only a tiny fraction of the accounts involved. It's also worth emphasizing that Gamigo protected user passwords with a one-way cryptographic hash algorithm, so complicated passwords may remain secure. PwnedList will tell you if your email address is involved.