Months later, Gamigo hacker takes dozy dump, exposes 8 million

More than eight million email addresses, usernames and password hashes from German gaming website Gamigo have been dumped online, months after the site was hacked. A 500MB file containing 8.2 million Gamigo user login credentials was uploaded and publicised via a post to password-cracking forum Inside Pro, according to the …

COMMENTS

This topic is closed for new posts.
  1. wibble001

    "It's unclear why the person who uploaded the list waited so long to spill the goodies after the original breach" - Really slow upload rate?

    1. Mike007

      Surely you mean they must have been using <insert reader's ISP>? (judging by comments on most ISP-related articles it seems most readers seem to choose to give their money to ISPs they think are a load of crap)

  2. Khaptain Silver badge

    Dong

    You can hear the sound in the admin's head as the bell rings and he says to himself: "Ohhhh Fuck, why me....."

  3. Anonymous Coward

    I like the way hackers talk with such superiority when it comes to describing how stupid people are when managing data. I know a guy who likes to hack and he is just the same, i.e. cracking this MD5 was child's play, they might as well have stored the passwords in plain text.

  4. Destroy All Monsters Silver badge
    Paris Hilton

    "There’s no excuse for using encryption this weak; it’s just bad security."

    Calling the MD5 hash function "encryption" is just fuzzy terminology.

    Where's the salt?

    P.S.: http://isc.sans.edu/tools/reversehash.html

    1. Anonymous Coward

      Not merely fuzzy terminology.

      Not coming from the CTO of a "network security" company. He's just exposed failing to do his homework. Failing to do the homework, by the by, is one major reason for crypto-related breaches.

  5. Trapped
    Mushroom

    Passwords are destroying the world

    It is just annoying the fact that we are still living in a password world. Almost everything is still only password protected. But ultimately the fact is passwords (strong or not) do not replace the need for other effective security control. As was stated, passwords are useless, outdated, and a security risk. That same organization understood that the only real solution is the need to add additional layers of authentication for access and transaction verification without unreasonable complexity, and this will be of help to their customers if they implement some form of a two-step or two-factor authentication where you can telesign into your account and have the security of knowing you are protected if your password were to be stolen. This should be a prerequisite to any system that wants to promote itself as being secure. With this, if they were to try to use the “stolen” password and don’t have your phone nor are on the computer, smartphone or tablet you have designated trusted, they would not be able to enter the account.

Biting the hand that feeds IT © 1998–2020