It’s been more than four months since gaming site Gamigo warned its users of a server breach, but the breach is still in the news as the hackers leaked more than 8 million user credentials.
In February 2012, Gamigo was hacked by someone who calls himself "8in4ry_Munch3r." The company's website was taken down for an extended period of maintenance.
According to the site PwnedList, a total of 8 million accounts have been compromised; 3 million of these accounts belong to Americans. The list of compromised accounts was posted to a hacking forum(Inside Pro) earlier this month until it was removed late last week.
A 478MB file contains 8.2 million email addresses, usernames and password hashes.
“It’s the largest leak I’ve ever actually seen,” says PwnedList founder Steve Thomas, whose startup seeks to track data breaches and alert users when their information is published. “When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.”
Following the attack, Gamigo informed their users about the breach and forced a password reset, but the risk of users having the same credentials for multiple accounts still remains.