The file appeared in the same forum that had previously circulated millions of password hashes from LinkedIn, Last.fm, eHarmony and other web sites. One user of the forum has claimed to have cracked 94 per cent of the MD5 hashes in a trivial amount of time. The fact that it was possible to crack the hashes this quickly would suggest that they were not salted. A hacker who goes by the pseudonym 8in4ry_Munch3r is believed to be behind the attack.
Gamigo, which is a subsidiary of the German Axel Springer publishing group, has confirmed to The H’s associates at heise Security that the data contained in the file is authentic. The company has stated that it noticed a “security-related incident” in March 2012 in which an older version of a database was copied off its servers. Gamigo says it immediately contacted the affected members and reset the passwords to their accounts. The company also says it took the affected database offline and initiated “a comprehensive security audit”. Now that the data has been leaked, the company wants to look at the incident again.
Users who are registered with Gamigo and have used the same password at other web sites should immediately change their logins. Generally, using the same password with several online services is a bad idea, as a break-in at one web site means that many of the user’s accounts are suddenly at risk.