Retro video game website Emuparadise revealed to have suffered a data breach that exposed 1.1 Million accounts back in April 2018.

Emuparadise is a website that offers tons of roms, isos and retro video games, users can download and play them with an emulator or play them with the web browser.

The security breach occurred in April 2018 and exposed account information for approximately 1.1 million Emuparadise forum members.

Since August 2018, Emuparadise no longer host game ROMs, anyway it continued to offer any kind of info for retro video games and operated community forums.

Over the weekend, some Emuparadise forum members reported to have received data breach notification notices from the popular services Have I Been Pwned and HackNotice . The notices notify them of the security breach and inform them that their data were exposed as part of the data breach that occurred in April 2018.

The notice issued by the service Have I Been Pwned states that 1,131,229 accounts from Emuparadise forums were exposed in an incident occurred in April 2018. The forums run on a vBulletin CMS, a very popular platform, but older versions are known to be vulnerable to several issues.

HIBP received the data from dehashed.com on June 9th, 2019, exposed info includes mail addresses, IP address, usernames and passwords stored as salted MD5 hashes.

“In April 2018, the self-proclaimed “biggest retro gaming website on earth”, Emupardise, suffered a date breach.” states Have I Been Pwned. “The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes.

At the time of writing, it is not known how DeHashed obtained the huge trove of data.

Experts pointed out that Emuparadise data are offered for sale in the cybercrime underground and on hacking forums since early 2019.

Pierluigi Paganini

( SecurityAffairs – Emuparadise, hacking)

Share this...

Linkedin Reddit Pinterest

Share On