Faulty protection aids theft of 33 million accounts from Evony


The long list of massive hacks continues to grow, as online gaming platform Evony experienced not one but two hacks in two months. Usernames, emails, passwords and IPs of more than 33 million user accounts were leaked online after hackers got into the system in June.

Apparently, it wasn’t difficult for hackers to attack the main database because the platform was not using advanced encryption and the users had weak and repetitive passwords. For example, “123456” is one of the most common passwords, used in 714,466 cases. One user had a 49-character password, still weak and easy to crack because it was only in lowercase.

“Passwords were stored using unsalted MD5 hashing” and they stored them “in unsalted SHA1 next to the MD5 which makes no sense,” says LeakedSource.

The gaming platform experienced another hack on its forum, which was attacked in August, compromising 938,000 users.

Online safety is not something to joke about. This attack was on a gaming platform, but others involve banks or government secrets. Users have no control over how platforms protect the data they store, but there are some tips for proper online behavior. If you notice any strange .exe files, don’t run them.

Passwords are the most important. Although it’s difficult to remember some 20 passwords for 20 different accounts, never reuse a password. For each account, use strong passwords with at least seven characters that incorporate both upper and lowercase letters and numbers and symbols. Avoid using real words because your password will be easier to hack thanks to a technique called dictionary attack.

Leave a Reply