Retro gaming site Emuparadise has suffered from a data breach. In all, 1.1 million accounts have been exposed.
Emuparadise is once again making headlines. This time, it’s thanks to a data breach on its web forums. The breach itself took place in April of last year, but only now has it been disclosed publicly. Here’s ZDNet noting the breach:
The security incident took place on April 1, 2018, but has only recently emerged after information from impacted user accounts was provided to HaveIBeenPwned by dehashed.com.
According to HaveIBeenPwned, 1,131,229 email addresses, IP addresses, usernames, and passwords were involved in the breach.
The passwords were stored as salted MD5 hashes.
While the information has been encrypted, it would only be a matter of time before that information is cracked. That might not take quite as long as MD5 has already reached end-of-life and is no longer considered safe. Still, users of the site should definitely consider changing their passwords to avoid any issues with their account.
The good news in this is that no sensitive information is compromised here. No credit card information or social security data is used. The only real threat here is if the same password is used on other more sensitive services on the users part. That could lead to problems, so a change in password is definitely recommended in that case for the other services.
What is interesting is the fact that the incident took place on the beginning of April. That’s about 5 months before Nintendo sent a cease and desist order to the site. That order caused the site owner to voluntarily pull every ROM for the site and not just the ROMs Nintendo was demanding to be taken down. So, really, 2018 wound up being a one two blow for the site more than anything else.
June is proving to be a rather bumpy month for security incidences. The month started with a bang when First American suffered a data leak which saw 885 million records exposed. That was followed up by Marriott’s parent company suffering from a data breach which saw 85.4GB of security information compromised. Next up is Quest Diagnostics which saw 12 million patients exposed in a data breach. After that, LabCorp was hit with a data breach. In all, 7.7 million patients were exposed. Finally, the U.S. Customs and Border Protection wound up also being hit with a data breach. An unknown number of American travellers were exposed in that one.
Compared to a number of different leaks and breaches, the Emuparadise breach actually isn’t so bad – especially when the data is encrypted in the first place.
Drew Wilson on Twitter: @icecube85 and Facebook.