- Emuparadise had suffered a big data breach last year, but no users got to know about it until now.
- The revelation came through DeHashed and haveibeenpwned.com, who started sending users notices.
- The database was for sale since January, including user email addresses and passwords.
Emuparadise is a popular online portal where people could once find ROMs and ISOs of old, retro video games (game images are no longer available there). The website offers emulators, game music, books, comics, TV shows (relevant to games), and a lot more. From Play Station 2 to NES, and from MAME to Gameboy Advance, Emurapadise has it all, and this is why it’s so popular and self-proclaimed “biggest retro gaming website on Earth”. Unfortunately, though, the site has apparently suffered a data breach that took place back in April 2018, and the users just got to know about. It is unclear if the website administrators ever realized what happened, as there has been no official announcement on the matter yet.
The revelation of the breach came through haveibeenpwned.com, the easy to use checker which monitors the dark web for user data that is on sale, and warns people about their risk potential. The platform defines the breach date as 1 April 2018 and claims that the compromised accounts are 1131229, containing email addresses, IP addresses, passwords, and usernames. HaveIBeenPwned got the relevant tip from DeHashed, who also clarified that the particular user database has been on sale on darknet forums since January 2019.
— a.k.a. ㋐SUKA (@Merilethal) June 9, 2019
The emuparadise database is actually sold as part of a humongous user data pack, which also includes Minecraft databases, Runescape databases, an Epic Games database, a Snail Games dump, and 7 million of Town of Salem user passwords and emails. This shows how crooks like the bundle relevant data together, creating larger and more valuable items for sale that focus on the same topic/theme. This time, it’s gaming, and buyers could be people who want to get access to valuable player accounts, or just for phishing and extortion.
If you had an account there, you should consider if the password was unique to that platform or not. If it wasn’t, or even if you’re unsure, change your passwords everywhere and minimize the stuffing attack risks. The database has been for sale since January, so there are quite many malicious actors out there who have your email and passwords in their hands. Finally, don’t hesitate to pick a reliable password manager and never have to deal with that danger again in the future, no matter what breach may occur on any of the websites you like to hang around.