Retro gaming website Emuparadise was affected by a data breach in which 1.1 million user accounts were exposed. The incident occurred in April last year but it had surfaced recently after information from the affected user accounts was provided to HaveIBeenPwned by dehashed.com.
According to HaveIBeenPwned, 1,131,229 email addresses, IP addresses, usernames, and passwords were involved in the breach.
Since the passwords were stored as salted MD5 hashes, it is sensible to consider the credentials as lost and easily cracked.
The MD5 algorithm which was used to hash passwords is considered to be not safe anymore by its developer in 2012 after the LinkedIn data breach which resulted in the disclosure and decryption of more than 6.4 million passwords.
Emuparadise is a retro gaming forum that provides ROMs for old games on platforms like Atari, Nintendo, and Sony PlayStation. ROMs can be played on emulators for gaming consoles. But even though emulators are not illegal, sharing copyrighted ROMs is considered to be illegal.
To be safe from the copyright trouble, the website operator decided to stop hosting ROMs, but the platform was a popular outlet for retro gaming fans. The source of the data leak was the Emuparadise’ vBulletin forum.
Those users who wish to know whether they are affected by the breach, can make use of the HaveIBeenPwned search engine to check if their accounts are also included. If so, it is wise to not use the credentials used for this service elsewhere.
It is always highly recommended to have a unique set of credentials for every online account you use. This is mainly because if a set of usernames and passwords is compromised, these details can be used to get access to your other accounts that uses the same credentials.