33 million records exposed after the Evony data breach

The website and the forum of the Evony gaming company were hacked this summer and as a result 33 Million of its gamers have their data compromised.

Data of more than 33 million accounts of the Evony gaming company were stolen as result of a data breach occurred in June. Evony is the company that developed the popular game Evony: Age II, that is played by more of 18 Million gamers in over 167 countries. Hackers breached the website of Evony gaming firm accessing 33,407,472 records of registered user accounts.

Two months later, on August, the website was breached again, at that time hackers compromised the Evony forum exposing data of 938,000 registered accounts.

The data breach notification service LeakedSource obtained a copy of the huge archive and published a detailed analysis of the leaked data.

“Gaming company Evony was hacked for a total of 33,407,472 users from its main game database in June of 2016. Earlier this year in August we discovered their forums were also hacked for 938k users.” states a blog post published by the company.

“Each record contains a username, email address, password, and ip address among other internal data fields. Users can now get notified any time they appear in a breach. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.”

Each record includes username, email address, password, and IP address and other internal data. The password were stored in unsalted MD5 and SHA-1 (Secure Hash Algorithm 1), this means that for hackers it is quite easy to decrypt them.

“Passwords were stored using unsalted MD5 hashing which means at this point we have cracked most of them. Surprisingly they also stored the passwords in unsalted SHA1 next to the MD5 which makes no sense but anyway” continues the post.

123456 was the most used password on the gaming site, this is the demonstration that users are a low perception of cyber threats and lack of awareness on a proper security posture online.

A look to the top email domains reveal that @Yahoo.com was one of the most popular, followed by @hotmail.com.

At the time I was writing it is not clear is the Evony company has alerted its registered users.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Evony data breach, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.