Hackers weren’t playing around on Emuparadise’s forum
GAMING WEBSITE Emuparadise has suffered a data breach affecting 1.1 million forum members.
Emuparadise is a retro gaming forum which used to offer a selection of ROMs for older games that could be played through an emulator. The site removed its entire library last year, just months after Nintendo began taking action against ROM-hosting sites.
It looks like things are going from bad to worse for the 19-year-old website, as HaveIBeenPwned has revealed that Emuparadise suffered a breach in April 2018. It only came to light this week after the breach-alert website received a database from DeHashed.com that contained 1,131,229 accounts from an alleged hack of the Emuparadise vBulletin forums.
It is not known how DeHashed gained access to this database, but BleepingComputer reports that users of hacker forums have been attempting to flog the Emuparadise data since January 2019, if not earlier.
According to HIBP, the breach involved users’ revealed email addresses, IP addresses, usernames and passwords. These passwords were stored using the MD5 hashing algorithm; even its creator admits it’s no longer secure, so it would have been pretty easy for anyone to decrypt them.
Emuparadise has yet to formally disclose the breach, but over on the company’s forum, an administrator going by “Cookie Monster,” said that staff members and those affected were informed.
“We didn’t announce it publicly but we forced everyone to change their password,” Cookie Monster wrote. “And we enforce that measure twice every year. This is old news.” µ
Source : Inquirer