Dropbox

The Evony gaming company's website and forum were breached, exposing the personal information of 33 million players.

A second hack of the website occurred two months later, this time targeting the Evony forum and exposing the personal information of 938,000 registered users.

Among other internal data fields, each record has an IP address, password, email address, and username. Users can now be notified whenever they appear in a breach.

Because the passwords were stored as unsalted MD5 and SHA-1 (Secure Hash Algorithm 1) hashes, attackers can easily crack them.

Source: https://securityaffairs.com/51908/data-breach/dropbox-data-breach-2.html

TPRM report: https://scoringcyber.rankiteo.com/company/dropbox

"id": "dro202051123",
"linkid": "dropbox",
"type": "Breach",
"date": "10/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['33 million players',
                                               '938,000 registered users'],
                        'industry': 'Gaming',
                        'name': 'Evony',
                        'type': 'Gaming Company'}],
 'attack_vector': ['Website', 'Forum'],
 'data_breach': {'data_encryption': 'Weak (unsalted MD5 and SHA-1)',
                 'number_of_records_exposed': ['33 million', '938,000'],
                 'personally_identifiable_information': ['IP address',
                                                         'email address',
                                                         'username'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['IP address',
                                              'password',
                                              'email address',
                                              'username']},
 'description': "The Evony gaming company's website and forum were breached, "
                'exposing the personal information of 33 million players. A '
                'second hack occurred two months later, targeting the Evony '
                'forum and exposing the personal information of 938,000 '
                'registered users.',
 'impact': {'data_compromised': ['IP address',
                                 'password',
                                 'email address',
                                 'username'],
            'systems_affected': ['Website', 'Forum']},
 'post_incident_analysis': {'root_causes': 'Weak password encryption (unsalted '
                                           'MD5 and SHA-1)'},
 'title': 'Evony Gaming Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Weak password encryption (unsalted MD5 and SHA-1)'}