cyber Breach

EvonyNet

Nov 5, 2023 1 min read
EvonyNet

The Evony gaming company's website and forum were breached, exposing the personal information of 33 million players.

A second hack of the website occurred two months later, this time targeting the Evony forum and exposing the personal information of 938,000 registered users.

Among other internal data fields, each record has an IP address, password, email address, and username. Whenever a user appears in a breach, they can now receive notifications.

Because the passwords were saved in unsalted MD5 and SHA-1 (Secure Hash Algorithm 1), hackers can easily decrypt them.

Source: https://securityaffairs.com/52260/data-breach/evony-data-breach.html

TPRM report: https://scoringcyber.rankiteo.com/company/evonynet

"id": "evo201151123",
"linkid": "evonynet",
"type": "Breach",
"date": "10/2016",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': ['33 million players',
                                               '938,000 registered users'],
                        'industry': 'Gaming',
                        'name': 'Evony',
                        'type': 'Gaming Company'}],
 'attack_vector': ['Website Breach', 'Forum Breach'],
 'data_breach': {'data_encryption': ['Unsalted MD5', 'SHA-1'],
                 'number_of_records_exposed': ['33 million', '938,000'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['IP address',
                                              'password',
                                              'email address',
                                              'username']},
 'description': "The Evony gaming company's website and forum were breached, "
                'exposing the personal information of 33 million players. A '
                'second hack occurred two months later, targeting the Evony '
                'forum and exposing the personal information of 938,000 '
                'registered users. Each record includes an IP address, '
                'password, email address, and username. The passwords were '
                'saved in unsalted MD5 and SHA-1, making them easily '
                'decryptable.',
 'impact': {'data_compromised': ['IP address',
                                 'password',
                                 'email address',
                                 'username'],
            'systems_affected': ['Website', 'Forum']},
 'title': 'Evony Gaming Company Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': ['Unsalted MD5', 'SHA-1']}
Published by
Roshni Ray
Roshni Ray
You might also like
Breach cyber

Dansons

public 1 min read
The breach involved unauthorized access to customer payment information, affecting 19 New Hampshire residents. The compromised information included names, addresses,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.