When German gaming website Gamigo was breached in February this year, it reacted by sharing the fact with its users, warning that user information such as usernames and encrypted passwords had been stolen, and by forcing a password reset for its entire user base.
Now, almost five months later, a huge batch – over 8.2 million, to be exact – of what appear to be Gamigo user login credentials and email addresses has been made available on a forum on the password-cracking website Inside Pro.
While the likelihood that these credentials will work for compromising Gamigo user accounts is not huge, the problem is that too many users recycle their passwords on multiple sites.
And as the batch contains email addresses from Gmail, Hotmail, Yahoo, and also from big companies such as ExxonMobil, IBM, Siemens, Allianz, and others, the fear is that many of those email accounts could be easily accessed by malicious individuals.
According to Emil Protalinski, the link to the file containing all this information is currently dead, but PwnedList managed to download it and index it, and they say that 3 million of the compromised credentials belonged to US users, 1.3 million to French ones, 2.4 to German ones and some 100,000 were t-online.de accounts.
“A data breach essentially means that something’s happened that could put you at risk for identity theft. We don’t have good statistics on how many breaches actually turn into fraud because it’s difficult to pinpoint when, how, and where information might have been compromised,” Ed Goodman, chief privacy officer with Identity Theft 911, commented for Help Net Security. “This is a perfect example of how thieves will ‘bank’ stolen data for months or years before using it.”
Data breaches obviously can’t be stopped from happening for the time being, so what can you do to keep yourself safe?
“Keep up your good data-management habits—shred sensitive documents and destroy electronic storage devices before recycling them, use strong passwords on all of your accounts, use a locking mailbox, and take advantage of the Do Not Call and Do Not Mail registries,” says Goodman, and adds that reviewing your free credit reports every year is also a must.