Add one more password security fail to the pile! Yet another company has run afoul of Security 101 rules for storing passwords. The result is the largest breach so far this year. The hackers responsible have posted a file with 11 million password hashes belonging to users of Gamigo, an online games publisher, along with over 8 million users’ email addresses. This affects users from around the world, including around 3 million from the US.
This password dump file was posted to the same forum as the earlier breaches from LinkedIn, eHarmony and Last.fm, which suggests that the same group may be responsible. It appears to come from a security incident in March of this year, which Gamigo alerted its users to at the time, forcing them to reset their passwords. The company has so far found no evidence that the posted information contains any details newer than that event.
If you are a Gamigo user, make sure that your password on that site has been changed since March. If you have used the same username and password on any other sites, it’s important to change those as well. Keep an eye out for phishing attempts, which often follow such breaches. Do not follow links in emails; go directly to Gamigo to change your password.