The Evony gaming company's website and forum were breached, exposing the personal information of 33 million players.
A second hack of the website occurred two months later, this time targeting the Evony forum and exposing the personal information of 938,000 registered users.
Among other internal data fields, each record has an IP address, password, email address, and username. Whenever a user appears in a breach, they can now receive notifications.
Because the passwords were saved in unsalted MD5 and SHA-1 (Secure Hash Algorithm 1), hackers can easily decrypt them.
Source: https://securityaffairs.com/52260/data-breach/evony-data-breach.html
"id": "EVO201151123",
"linkid": "evonynet",
"type": "Breach",
"date": "10/2016",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"