The once-beloved romsite, Emuparadise, has suffered a data breach. It seems a few months before the site had announced it would be removing all warez, account information of over 1 million users of its users had been breached. Haveibeenpwned, a website dedicated to tracking compromised accounts, has just reported that Emuparadise was involved in such an event. The breach took place in April 2018, though it seems this was only revealed now, as those who have accounts on the Emuparadise forums have been receiving emails this morning from Haveibeenpwned denoting a security issue. 1,131,299 registered accounts have been affected. As always, whenever these data breaches occur, it’s wise to check if you were part of the leaked accounts, and to change your passwords immediately if so.

Emuparadise: In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emupardise suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Source

 

[AkitoTheHedgy]

Press F for all the accounts hacked. You guys will be... Oh idk.

 

[PatriarchJimmyG]

Thank god i never created an account lol seems scary to get your info stolen.

 

[osaka35]

Never created an account, pretty sure. I just assume my password is never safe anywhere. I have a different one for everyone of them, just assume they're all terrible on security. Ain't no lock a dedicated lockpicker can't get past. Does make it harder on the less talented tho.

If it's anything like xbins, mentioning the name is ok but not direct links to copyrighted material.

Yeah, copright laws got weirder. You are now responsible for any link or files on your website, even if it's posted by someone else without your knowledge. And links to infringing material means the entire website is liable. Even in private messages or whatnot.

Sayingthe name of the places that..share..is, well, technically fine. but if some big company wants to throw their weight around, there's no real way to defend against it. So while not technically against copyright, most folks like to be overly cautious. These some dark times for the internet. Since the internet is mostly global, got to appeal to the strictest laws.so that's fun too.

least that's my understanding. Feel free to correct me if I'm wrong about that.

 

[Essasetic]

Yikes. I think I had an account on there at one point (but it was from years ago and a different account name and password I have now).

 

[Jayro]

Why would anyone need an account on a site that's closed anyway?

 

[Deleted User]

i never even used my account, i was pwned but it doesnt matter anyway, i was planning on downloading soundtracks but it still didnt let me even with an account lol.

 

[PrincessLillie]

Ah god damnit, I got caught in this one.
And this, ladies and gentlemen, is why we use a password manager. Every site, no matter how trustworthy or secure, needs its own password. I recommend Bitwarden if you're still looking for one.

 

[chaoskagami]

MD5 though.

People don't seem to understand security. MD5 has been considered unsafe for years, possibly decades.

This is why on any site like this, you should be using throwaway accounts with no relation to your usual identity. Sign up with 10minutemail and use a deliberately shit password - it's not like you should be using the forums on such an obviously skeezy place.

We're allowed to talk about that site and even call it buy it's full name now since it doesn't have roms for download.

Emuparadise still hosts copyrighted content. They just pretend not to. There's a userscript available via an easy google that rewrites ROM links to directly reference their backend server. So no, unless they actually break said script, they're not safe to link here.

 

[Sonic Angel Knight]

Emuparadise still hosts copyrighted content. They just pretend not to. There's a userscript available via an easy google that rewrites ROM links to directly reference their backend server. So no, unless they actually break said script, they're not safe to link here.

This is news to me.

 

[chaoskagami]

This is news to me.

Go google "emuparadise userscript." On duckduckgo at least, it's the second result (on a specific subreddit.)

To be clear, I'm not recommending downloading infringing content, merely making it clear such a thing exists. The userscript itself contains no copyrighted content, but I'm not providing any links for safety's sake.

 

[slaphappygamer]

I’ve been pwned on 11 sites. How do I know which ones? I’ve been using this email for the last 20 years.

 

[Pluupy]

Emuparadise is now on "haveIbeenpwned"

https://haveibeenpwned.com/PwnedWebsites

Why would anyone need an account on a site that's closed anyway?

They're not closed? They just don't distribute copyrighted content anymore.

 

[chaoskagami]

Emuparadise is now on "haveIbeenpwned"

https://haveibeenpwned.com/PwnedWebsites


They're not closed? They just don't distribute copyrighted content anymore.

Emuparadise still hosts copyrighted content. They just pretend not to. There's a userscript available via an easy google that rewrites ROM links to directly reference their backend server.

 

[Pluupy]

That's not distributing content. That's people hacking into their servers to access content not accessible to users.

 

[the_randomizer]

Emuparadise is now on "haveIbeenpwned"

https://haveibeenpwned.com/PwnedWebsites


They're not closed? They just don't distribute copyrighted content anymore.

Well, for the record, they don't. But off the record, there are still ways.

 

[DinohScene]

Don't even think I had an account on there...

 

[chaoskagami]

That's not distributing content. That's people hacking into their servers to access content not accessible to users.

Uh...no? Greasemonkey scripts are executed clientside and only modify the served page content. There is no "hacking" here. If this is hacking, so are adblockers.

I'd be inclined to agree if they attempted to stop distribution of said script or took the backend servers offline, but they have not. Therefore, they're complicit. Aside from that, even if it were hacking, this is a rom site and it's already unquestionably illegal. They're not capable of invoking the CFAA/whatever without incriminating themselves, so any argument to that effect is invalid. They still host roms.

 

[RaptorDMG]

I noticed when my github was accessed this morning by someone from Kyrgyzstan so I reset my password and nothing was modified or deleted thankfully, it was one of the few sites using my old password as I created a password convention after my rockstar account was hacked last July.

 

[raxadian]

Thankfully I never had an account there.

 

[CTR640]

I had no idea Emuparadise still is alive, well now they don't lol. Last time I downloaded a gba rom was waaaay before a smartphone was a thing.