What Happened
In March 2012, German online game publisher Gamigo suffered a data breach that exposed over 8.2 million user accounts, with the compromised data including email addresses and passwords stored as unsalted MD5 hashes. The attackers gained unauthorized access to Gamigo’s user database in early March, and while the company immediately notified users and forced password resets, the stolen data was later published to the password-cracking forum InsidePro in July 2012—approximately four months after the initial breach. The leaked records included approximately 3 million American accounts, 2.4 million German accounts, and 1.3 million French accounts, with some email addresses belonging to major corporations such as IBM, Siemens, Deutsche Bank, and ExxonMobil. The weak MD5 hashing without salt made the passwords vulnerable to cracking, with attackers reportedly decrypting over 90% of the passwords, creating significant risk for users who reused credentials across multiple websites.
