1. 8,512

    57
    Front-page
    2803DC82-6101-4E0A-AAC9-ED807FA3011D.png

    The once-beloved romsite, Emuparadise, has suffered a data breach. It seems a few months before the site had announced it would be removing all warez, account information of over 1 million users of its users had been breached. Haveibeenpwned, a website dedicated to tracking compromised accounts, has just reported that Emuparadise was involved in such an event. The breach took place in April 2018, though it seems this was only revealed now, as those who have accounts on the Emuparadise forums have been receiving emails this morning from Haveibeenpwned denoting a security issue. 1,131,299 registered accounts have been affected. As always, whenever these data breaches occur, it’s wise to check if you were part of the leaked accounts, and to change your passwords immediately if so.

    :arrow: Source
     
    CORE, Mr. Looigi, aMp and 9 others like this.
  2. Discussion (57 replies)

  3. gudenau

    gudenau Largely ignored
    Member

    Joined:
    Jul 7, 2010
    Messages:
    3,656
    Country:
    United States
    MD5 though.

    People don't seem to understand security. MD5 has been considered unsafe for years, possibly decades.
     
  4. Ev1lbl0w

    Ev1lbl0w GBAtemp Regular
    Member

    Joined:
    Dec 19, 2014
    Messages:
    269
    Country:
    Portugal
    MD5 was deprecated 5 years ago, jeeze, all those passwords are good as cracked. I'm really concerned with security measures these days...
     
  5. JFizDaWiz

    JFizDaWiz GBAtemp Regular
    Member

    Joined:
    Jun 6, 2014
    Messages:
    239
    Country:
    United States
    i don't remember my password there anymore, well that's probably good because if it isn't any of the ones i used to use it was created specifically for that site and nowhere else.
     
  6. NoNAND

    NoNAND Give me back my legions!
    Member

    Joined:
    Aug 22, 2015
    Messages:
    2,135
    Country:
    Albania
    Luckily all I used that website for was for downloading some roms here and there. Never bothered to involve myself with their community. Not saying that I hold a grudge against them.
     
  7. tech3475

    tech3475 GBAtemp Addict
    Member

    Joined:
    Jun 12, 2009
    Messages:
    2,016
    Country:
    Use a password manager, every site should have their own password.
     
  8. Mark McDonut

    Mark McDonut GBATemp's Resident Ghostbuster
    Member

    Joined:
    Oct 8, 2008
    Messages:
    824
    Country:
    United States
    just checked and had a custom username and custom password for that site so i'm not worried.

    don't they not even have roms anymore?
     
  9. Ev1l0rd

    Ev1l0rd (⌐◥▶◀◤) Developer - noirscape
    Member

    Joined:
    Oct 26, 2015
    Messages:
    1,995
    Country:
    Netherlands
    It's a VBulletin board. VBulletin is ~10+ years old. They also probably can't change the hash type without forcing a password reset across their entire userbase which is probably also not feasible for them.
     
  10. H1B1Esquire

    H1B1Esquire RxTools, the ultimate CFW machine.
    Member

    Joined:
    Nov 2, 2016
    Messages:
    3,556
    Country:
    United States
    Definitely glad I knew there was a chance this could happen, which is why you make throw-away accounts, folks.
     
  11. proffk

    proffk GBAtemp Advanced Fan
    Member

    Joined:
    Aug 14, 2013
    Messages:
    519
    Country:
    United Kingdom
    Removed roms they are still there in cache. You can add a script some some dude made & you can still download them. Still a data breach is bad news for those affected.
     
  12. yusuo

    yusuo GBAtemp Psycho!
    Member

    Joined:
    Oct 19, 2006
    Messages:
    3,327
    Country:
    United States
    Apparently I'm one of those affected, good thing I use a spam email and a generic password for sites like that.
     
    H1B1Esquire likes this.
  13. FAST6191

    FAST6191 Techromancer
    Reporter

    Joined:
    Nov 21, 2005
    Messages:
    31,962
    Country:
    United Kingdom
    Why is salted MD5 so bad here? I get if they had used it as part of a HMAC setup, SSL cert or something (forcing a collision being just about in the realm of any competent actor these days if you steal an AWS login or something) but is a hopefully unique per user salt with the pass MD5 hashed that much worse than sha1 or just about any vaguely useful hash method for a password in a leak scenario? More secure hash methods are typically not much more computationally expensive and rainbow tables can still be generated, especially if you are limiting to typical password dictionary stuff rather than every character permutation. Are we expecting so many high value targets that tables are made for each salt and the marginal power/storage differences to come into play?
     
  14. DRAGONBALLVINTAGE

    DRAGONBALLVINTAGE The GBATemp Hacker
    Member

    Joined:
    Jun 27, 2017
    Messages:
    734
    Country:
    United States
    Nintendo Sent Out The Ninjas:ninja:
     
  15. the_randomizer

    the_randomizer The Temp's official fox whisperer
    Member

    Joined:
    Apr 29, 2011
    Messages:
    30,011
    Country:
    United States
    Well someone spilled soda on the server. Nice going, fellas.
     
  16. Sonic Angel Knight

    Sonic Angel Knight GBAtemp Legend
    Member

    Joined:
    May 27, 2016
    Messages:
    13,717
    Country:
    United States
    We're allowed to talk about that site and even call it buy it's full name now since it doesn't have roms for download. :ninja:
     
    Deleted_413010 and Ev1lbl0w like this.
  17. DANTENDO

    DANTENDO I Won year sub Edge mag 1996 hot topic digitiser
    Member

    Joined:
    Mar 10, 2019
    Messages:
    2,680
    Country:
    United Kingdom
    Now known as emuparanoia:lol:
     
    atoxique, Ev1lbl0w and NutymcNuty like this.
  18. masagrator

    masagrator The developper
    Member

    Joined:
    Oct 14, 2018
    Messages:
    3,550
    Country:
    Poland
    There were many cases like this and sites just asked to change password if they want to continue using site. New password was stored in new hash.
     
  19. the_randomizer

    the_randomizer The Temp's official fox whisperer
    Member

    Joined:
    Apr 29, 2011
    Messages:
    30,011
    Country:
    United States
    Oh really? Huh, because I was able to uh.... well, find something to use and... managed to procure... never mind.
     
    atoxique and Silent_Gunner like this.
  20. tech3475

    tech3475 GBAtemp Addict
    Member

    Joined:
    Jun 12, 2009
    Messages:
    2,016
    Country:
    If it's anything like xbins, mentioning the name is ok but not direct links to copyrighted material.
     
    osaka35 likes this.
  21. Justinde75

    Justinde75 Capsule Co's VGM Addict
    Member

    Joined:
    Feb 14, 2016
    Messages:
    2,405
    Country:
    Germany
    Damn rip, good thing I changed my password in all sites I use a long time ago
     
Loading...

Hide similar threads Similar threads with keywords - Emuparadise, accounts, affected