Front-page

Emuparadise suffers data breach, 1.1 million accounts affected

2803DC82-6101-4E0A-AAC9-ED807FA3011D.png

The once-beloved romsite, Emuparadise, has suffered a data breach. It seems a few months before the site had announced it would be removing all warez, account information of over 1 million users of its users had been breached. Haveibeenpwned, a website dedicated to tracking compromised accounts, has just reported that Emuparadise was involved in such an event. The breach took place in April 2018, though it seems this was only revealed now, as those who have accounts on the Emuparadise forums have been receiving emails this morning from Haveibeenpwned denoting a security issue. 1,131,299 registered accounts have been affected. As always, whenever these data breaches occur, it’s wise to check if you were part of the leaked accounts, and to change your passwords immediately if so.

Emuparadise: In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emupardise suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Compromised data: Email addresses, IP addresses, Passwords, Usernames
Click to expand...

:arrow: Source
 
  • Like
Reactions: CORE, Mama Looigi, aMp and 9 others
Click to expand...
Mark McDonut

Mark McDonut

GBATemp's Resident Ghostbuster
Member
Level 10
Joined
Oct 8, 2008
Messages
855
Trophies
1
XP
2,206
Country
United States
just checked and had a custom username and custom password for that site so i'm not worried.

don't they not even have roms anymore?
 
Ev1l0rd

Ev1l0rd

(⌐◥▶◀◤) girl - noirscape
Member
Level 13
Joined
Oct 26, 2015
Messages
2,004
Trophies
1
Location
Site 19
Website
catgirlsin.space
XP
3,441
Country
Netherlands
Ev1lbl0w said:
MD5 was deprecated 5 years ago, jeeze, all those passwords are good as cracked. I'm really concerned with security measures these days...
Click to expand...
It's a VBulletin board. VBulletin is ~10+ years old. They also probably can't change the hash type without forcing a password reset across their entire userbase which is probably also not feasible for them.
 
  • Like
Reactions: atoxique, Ev1lbl0w, d4mation and 1 other person
FAST6191

FAST6191

Techromancer
Editorial Team
Level 33
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,321
Country
United Kingdom
Why is salted MD5 so bad here? I get if they had used it as part of a HMAC setup, SSL cert or something (forcing a collision being just about in the realm of any competent actor these days if you steal an AWS login or something) but is a hopefully unique per user salt with the pass MD5 hashed that much worse than sha1 or just about any vaguely useful hash method for a password in a leak scenario? More secure hash methods are typically not much more computationally expensive and rainbow tables can still be generated, especially if you are limiting to typical password dictionary stuff rather than every character permutation. Are we expecting so many high value targets that tables are made for each salt and the marginal power/storage differences to come into play?
 
masagrator

masagrator

The patches guy
Developer
Level 22
Joined
Oct 14, 2018
Messages
6,263
Trophies
3
XP
12,019
Country
Poland
Ev1l0rd said:
It's a VBulletin board. VBulletin is ~10+ years old. They also probably can't change the hash type without forcing a password reset across their entire userbase which is probably also not feasible for them.
Click to expand...
There were many cases like this and sites just asked to change password if they want to continue using site. New password was stored in new hash.
 
the_randomizer

the_randomizer

The Temp's official fox whisperer
Member
Level 27
Joined
Apr 29, 2011
Messages
31,284
Trophies
2
Age
38
Location
Dr. Wahwee's castle
XP
18,969
Country
United States
Sonic Angel Knight said:
We're allowed to talk about that site and even call it buy it's full name now since it doesn't have roms for download. :ninja:
Click to expand...

Oh really? Huh, because I was able to uh.... well, find something to use and... managed to procure... never mind.
 
  • Like
Reactions: atoxique and Silent_Gunner

Site & Scene News

Go to forum More news

Popular threads in this forum

Nintendo Switch firmware 18.0.0 has been released

GitLab has taken down the Suyu Nintendo Switch emulator

Atmosphere CFW for Switch updated to pre-release version 1.7.0, adds support for firmware 18.0.0

Wii U and 3DS online services shutting down today, but Pretendo is here to save the day

Denuvo unveils new technology "TraceMark" aimed to watermark and easily trace leaked games

GBAtemp Exclusive  Introducing tempBOT AI - your new virtual GBAtemp companion and aide (April Fools)

Pokemon fangame hosting website "Relic Castle" taken down by The Pokemon Company

MisterFPGA has been updated to include an official release for its Nintendo 64 core

General chit-chat
Help Users
    K3Nv2 @ K3Nv2: https://youtu.be/IihvJBjUpNE?si=CsvoEbwzNKFf0GAm cool