Emuparadise suffers data breach, 1.1 million accounts affected

Discussion in 'GBAtemp & Scene News' started by Chary, Jun 9, 2019.


    6,945

    57
    Front-page
    2803DC82-6101-4E0A-AAC9-ED807FA3011D.

    The once-beloved romsite, Emuparadise, has suffered a data breach. It seems a few months before the site had announced it would be removing all warez, account information of over 1 million users of its users had been breached. Haveibeenpwned, a website dedicated to tracking compromised accounts, has just reported that Emuparadise was involved in such an event. The breach took place in April 2018, though it seems this was only revealed now, as those who have accounts on the Emuparadise forums have been receiving emails this morning from Haveibeenpwned denoting a security issue. 1,131,299 registered accounts have been affected. As always, whenever these data breaches occur, it’s wise to check if you were part of the leaked accounts, and to change your passwords immediately if so.

    :arrow: Source
     
    CORE, Mr. Looigi, aMp and 9 others like this.
    Discussion (57 replies)
  1. gudenau

    gudenau Largely ignored

    Member
    10
    GBAtemp Patron
    gudenau is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jul 7, 2010
    United States
    /dev/random
    MD5 though.

    People don't seem to understand security. MD5 has been considered unsafe for years, possibly decades.
     
  2. Ev1lbl0w

    Ev1lbl0w GBAtemp Regular

    Member
    5
    Dec 19, 2014
    Portugal
    MD5 was deprecated 5 years ago, jeeze, all those passwords are good as cracked. I'm really concerned with security measures these days...
     
  3. JFizDaWiz

    JFizDaWiz Advanced Member

    Newcomer
    4
    Jun 6, 2014
    United States
    Ohio
    i don't remember my password there anymore, well that's probably good because if it isn't any of the ones i used to use it was created specifically for that site and nowhere else.
     
  4. NoNAND

    NoNAND GBAtemp's Official NAND/emuMMC multipurpose tool

    Member
    10
    Aug 22, 2015
    Antarctica
    Area 51
    Luckily all I used that website for was for downloading some roms here and there. Never bothered to involve myself with their community. Not saying that I hold a grudge against them.
     
  5. tech3475

    tech3475 GBAtemp Advanced Maniac

    Member
    8
    Jun 12, 2009
    Use a password manager, every site should have their own password.
     
  6. Mark McDonut

    Mark McDonut GBATemp's Resident Ghostbuster

    Member
    6
    Oct 8, 2008
    United States
    just checked and had a custom username and custom password for that site so i'm not worried.

    don't they not even have roms anymore?
     
  7. Ev1l0rd

    Ev1l0rd (⌐◥▶◀◤) Developer - noirscape

    Member
    10
    Oct 26, 2015
    Netherlands
    Site 19
    It's a VBulletin board. VBulletin is ~10+ years old. They also probably can't change the hash type without forcing a password reset across their entire userbase which is probably also not feasible for them.
     
  8. H1B1Esquire

    H1B1Esquire RxTools, the ultimate CFW machine.

    Member
    9
    Nov 2, 2016
    United States
    Earth, bro-dude.
    Definitely glad I knew there was a chance this could happen, which is why you make throw-away accounts, folks.
     
  9. proffk

    proffk GBAtemp Fan

    Member
    4
    Aug 14, 2013
    United States
    Removed roms they are still there in cache. You can add a script some some dude made & you can still download them. Still a data breach is bad news for those affected.
     
  10. yusuo

    yusuo Jam Master Jay

    Member
    11
    Oct 19, 2006
    United States
    Apparently I'm one of those affected, good thing I use a spam email and a generic password for sites like that.
     
    H1B1Esquire likes this.
  11. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23
    Nov 21, 2005
    United Kingdom
    Why is salted MD5 so bad here? I get if they had used it as part of a HMAC setup, SSL cert or something (forcing a collision being just about in the realm of any competent actor these days if you steal an AWS login or something) but is a hopefully unique per user salt with the pass MD5 hashed that much worse than sha1 or just about any vaguely useful hash method for a password in a leak scenario? More secure hash methods are typically not much more computationally expensive and rainbow tables can still be generated, especially if you are limiting to typical password dictionary stuff rather than every character permutation. Are we expecting so many high value targets that tables are made for each salt and the marginal power/storage differences to come into play?
     
  12. DRAGONBALLVINTAGE

    DRAGONBALLVINTAGE R.I.P GBATEMP :(

    Member
    8
    Jun 27, 2017
    United States
    Sacred World of the Kai
    Nintendo Sent Out The Ninjas:ninja:
     
  13. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    24
    GBAtemp Patron
    the_randomizer is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Well someone spilled soda on the server. Nice going, fellas.
     
  14. Sonic Angel Knight

    Sonic Angel Knight GBAtemp Legend

    Member
    18
    May 27, 2016
    United States
    New York
    We're allowed to talk about that site and even call it buy it's full name now since it doesn't have roms for download. :ninja:
     
    Deleted_413010 and Ev1lbl0w like this.
  15. DANTENDO

    DANTENDO I Won year sub Edge mag 1996 hot topic digitiser

    Member
    6
    Mar 10, 2019
    United Kingdom
    Now known as emuparanoia:lol:
     
    atoxique, Ev1lbl0w and NutymcNuty like this.
  16. masagrator

    masagrator File digger

    Member
    8
    Oct 14, 2018
    Poland
    There were many cases like this and sites just asked to change password if they want to continue using site. New password was stored in new hash.
     
  17. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    24
    GBAtemp Patron
    the_randomizer is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Apr 29, 2011
    United States
    Dr. Wahwee's castle
    Oh really? Huh, because I was able to uh.... well, find something to use and... managed to procure... never mind.
     
    atoxique and Silent_Gunner like this.
  18. tech3475

    tech3475 GBAtemp Advanced Maniac

    Member
    8
    Jun 12, 2009
    If it's anything like xbins, mentioning the name is ok but not direct links to copyrighted material.
     
    osaka35 likes this.
  19. Justinde75

    Justinde75 Capsule Co's VGM Addict

    Member
    10
    GBAtemp Patron
    Justinde75 is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Feb 14, 2016
    Germany
    West City
    Damn rip, good thing I changed my password in all sites I use a long time ago
     
Loading...