The Emuparadise retro gaming site has been reported to have suffered a data breach in April 2018. This breach exposed account information for approximately 1.1 million Emuparadise forum members.

Emuparadise is a retro gaming site that used to host ROMs for retro games that could be used in emulators. In August 2018, Emuparadise decided to no longer host game ROMs, but continued as a retro gaming database with community forums.

Over the weekend, people have been reporting receiving notices from Have I Been Pwned and HackNotice stateing that their information was found as part of a Emuparadise data breach in April 2018.

Tweet about a Emuparadise HIBP Notice

According to haveibeenpwned.com, they received a database from DeHashed.com on June 9th, 2019, that consists of 1,131,229 accounts from an alleged hack of the Emuparadise vBulletin forums in April 2018. The account information found in this database included email addresses, IP address, password stored as salted MD5 hashes, and usernames.

"In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emupardise suffered a date breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com."

It is not known how DeHashed gained access to this database, but users of hacker forums have been offering to sell or trade an Emuparadise database since January 2019, if not earlier.

Emuparadise Database Being Offered on Hacking Forums

BleepingComputer has contacted DeHashed and Emuparadise with questions regarding this breach and the database, but had not heard back as of yet.