Gamigo has been suffering a slow leak of information since the free-to-play website was hacked some months ago. The true scope of the leak is breathtaking. Around 8 million passwords have been posted to a hacker site, along with other account information snippets. Although Gamigo forced users to change their passwords after discovering the initial breach, people often use the same password across all their online accounts, which leads to further compromises down the road. As always, folks, change your passwords regularly, and use a different login on every site. Forbes has the story.
If hackers would turn this sort of energy to, say, crunching SETI data, we would have found the aliens by now. The real point here is that we’re not even close to real security for our online accounts, and you should be careful of any information you put out there on the internet.
That’s an epic number of accounts leaked. No doubt, companies that keep user credentials are going to have to start thinking about safer storage — or at least separating the tables that contain passwords and usernames and encrypting those tables entirely. This would make it difficult to get directly at the hashed passwords (or even usernames and e-mails). It might slow logins down by a few milliseconds, but that would be a positive discouragement to attackers.