Online gambling or “gaming” has been around for years. Users of these sites typically have user accounts. Unfortunately, these user accounts are just as vulnerable to hackers as accounts on any other website, and the Gamigo breach is a textbook example.
Gamigo was hacked four months ago when over eight million (8,000,000) user names, email addresses, and passwords were lost. (See Note 1). This particular account breach has been dubbed the largest so far for 2012. Interest in the breach was renewed when just this month the passwords were posted online to a hacker forum site. Ironically, this website was the same hacker site that the LinkedIn passwords were posted on last month. (See Note 2).
The original breach was discovered back in March 2012. Gamigo took immediate precautions to mitigate further damages by requiring all users to change their passwords in order to gain entry to the site. (See Note 3).
In total approximately 8,200,000 passwords were lost. (See Note 1). Of these lost passwords three million (3,000,000) were from the United States, two million four hundred thousand (2,400,000) were from Germany, and one million three hundred thousand (1,300,000) were from France. Id. Luckily the information was not stored in plain text. Instead, this information was at least stored using hashing security measures. (See Note 4). While not the best security available, it was better than nothing at all. Whether or not the passwords were in fact successfully decoded is still unknown.
While the posting of the passwords took four (4) months to go public, there are still concerns for those who lost their information. The delay can still create problems for some careless users. If users who used the same passwords for multiple accounts failed to change their other passwords when they changed the Gamigo passwords, then subsequent account breaches could still occur.
It is always a good idea to have multiple passwords for use in your online accounts. Never use the same password for multiple sites. If your account is ever breached then hackers could gain access to your other accounts. If you are guilty of this bad practice then do yourself a favor and go change your passwords now. It may save you some time and money down the road.
For additional information please email Ian Friedman at firstname.lastname@example.org or visit www.faflegal.com.
1. Andy Greenberg, Eight Million Email Addresses and Passwords Spilled from Gaming Site Gamigo Months After Hacker Breach, FORBES.COM (2012), http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passw…
2. Darren Pauli, Hackers Loot German Gaming Site Gamigo of 8m Passwords, SCMAGAZINE.COM (2012), http://www.scmagazine.com/hackers-loot-german-gaming-site-gamigo-of-8m-p….
3. For additional information see Ian Friedman, LinkedIn and eHarmony Hacked: Can I please get some salt to go with that hash?, pingroof.com (2012), http://pingroof.com/article/linkedin-eharmony-hacked-can-i-get-some-…
4. “Hashing” data involves using a hash generator to convert the information into a unique series of characters based on a predetermined algorithm. However, hashing alone is not an adequate level of security. That is where salting comes into play. “Salting” adds an even more complicated additional layer of protection by taking hashed data and then adding a series of random characters to further obscure the data. Salting is a “widely recognized best practice” in the industry. Vicente Silveira, An Update on Taking Steps to Protect Our Members, LINKEDIN (2012), http://blog.linkedin.com/2012/06/09/an-update-on-taking-steps-to-protect…. Salting, however, is not the highest level of security, as other more advanced approaches are available.
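The difference between hashing alone and salted hashing, as discussed in Note 4, shown as an added example that is not from the original article or its sources. It uses PBKDF2 from the Python standard library, where the random per-user salt is fed into the hash together with the password; the account names, passwords and iteration count are constructed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not data from the breach).
ACCOUNTS = [("alice", "dragon2012"), ("bob", "dragon2012"), ("carol", "Xk9#mQ-terrace")]

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_record(password: str) -> str:
    """Hashing alone: equal passwords always produce equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Random per-user salt plus a deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_record_groups(records: dict) -> list[list[str]]:
    """Audit helper: groups of users whose stored value is identical."""
    groups = defaultdict(list)
    for user, value in records.items():
        groups[value].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def demo() -> tuple[list[list[str]], list[list[str]]]:
    unsalted = {user: unsalted_record(pw) for user, pw in ACCOUNTS}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS}
    return shared_record_groups(unsalted), shared_record_groups(salted)


if __name__ == "__main__":
    plain_groups, salted_groups = demo()
    print("hash only, users sharing a stored value:", plain_groups)
    print("salted, users sharing a stored value:   ", salted_groups)
```

With hashing alone, the two accounts that chose the same password are visibly linked in the stored data; with a per-user salt, every stored record is distinct even when the passwords match.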