Evony gaming company had its website and forum breached and as a result 33 million of its gamers had their accounts stolen.
In June 2016, the official website of Evony gaming company suffered a massive data breach in which 33,407,472 of its registered user accounts were stolen. Things couldn’t go worse when in August 2016, the gaming site suffered another data breach on its forum in which 938,000 of its registered accounts were stolen.
Now, the data breach notification website LeakedSource has discovered the stolen Evony data that includes usernames, email addresses, unsalted MD5 and SHA-1 (Secure Hash Algorithm 1) passwords and IP addresses of 33 million gamers.
Evony also lets users sign in with Facebook Connect, a single sign-on application which allows users to interact with other websites through their Facebook account. This means the stolen account may also include if not millions then at least thousands of Facebook login credentials.
Evony is known for its Evony: Age II game which, according to developer’s site is played by 18 Million Players in over 167 countries, however, it is still unclear if the company had ever issued any security notice to its registered users about the breach.
According to LeakedSource’s blog post, the passwords are very easy to crack and most of them have already been cracked. The analysis shows that 123456 was the most used password on the gaming site while @Yahoo.com was one of the most used email domains.