A security incident at Emuparadise, a website where users can play classic video games, has exposed information belonging to 1.1 million accounts, according to breach-tracking site Have I Been Pwned.
An April 2018 breach on the vBulletin forum section of Emuparadise resulted in the compromising of 1.1 million email addresses, IP addresses, and username and passwords as salted MD5 hashes, according to a Have I Been Pwned announcement. The data was provided to Have I Been Pwned by DeHashed.com, which tracks when user credentials are exposed in large data breaches.
The 19-year-old Emuparadise has called itself “the biggest retro gaming website on Earth” by offering nostalgia-laced titles that debuted on old consoles like the Nintendo 64, Super Nintendo, Sega Genesis and others. Few details about the incident immediately were available, though Bleeping Computer reports that the data was for sale on the dark web dating back to January 2019, when it was paired with information apparently stolen from Minecraft databases, the online game Dueling Network, and a handful of other popular services.
The breach is only the latest to affect a prominent gaming site. The industry, with its large customer base and ever-growing list of popular sites, can be an appealing target for hackers.
Emuparadise did not respond to a request for comment Monday.
The security firm Check Point last year disclosed three vulnerabilities to Epic Games, maker of the hugely popular “Fortnite.” Attackers could have exploited weaknesses in Fortnite’s single sign-on protocol to steal a user’s access token, potentially rendering millions of accounts vulnerable. Hackers could have abused this account access to make in-game purchases and monitor players in their homes without detection, according to Check Point. The bugs were patched within weeks.
In January, a hack at Town of Salem, a browser-based role playing game, involved more than 7.6 million email addresses. Information apparently pilfered from that game also was included in the files for sale on the dark web.