Gamigo, a subsidiary of Axel Springer AG and based in Hamburg and New York is one of the leading western publishers of free-to-play MMOGs (massively multiplayer online games). In the end of February the company announced in an official post on the Jagged Alliance forum that they had “detected an illegal intrusion into [its] Gamigo account system.”
As a result of the hack, Gamigo initiated a temporary cessation of registration and account payment and management services. The company has said that while it will keep the game servers operational, “the gAS services might be down for a while.” Gamigo stated that the company used encryption to store its passwords, however they did not elaborate on what type of encryption was used, but did say, “No access to account names and other data is confirmed.”
There were no further updates on Jagged Alliance forums, instead on March 1, 2012 Gamigo sent out an email informing its users of the hack and the fact that the company had forced a system wide password reset as a precaution. Gamigo a short time later updated the Jagged Alliance forum post with instructions on how users could reset their passwords. The email that was sent out to Gamigo’s users is posted below:
As you have all already noticed, our game servers, websites and forums are partially unreachable at the moment. We would like to explain to you what happened and what has been done on our side.
There was an attack on the gamigo database in which user information, such as alias usernames and encrypted passwords were stolen. An excerpt from these was published in the gamigo forums. We detected the attack and are working to the utmost of our resources to repair the damage and determine how it happened.
Your character data, including items, is safely stored on the backup! We cannot rule out that the intruder(s) is/are still in possession of additional personal data, although to date we have received no report of any fraudulent use.
To prevent any unauthorized access to your account, we have reset all passwords for the gamigo account system and for all gamigo games!
Gamigo later posted on their website information on the breach and instructions on how users could secure their accounts and reset their passwords.
And though as of March 1, 2012 there was nothing to indicate that the hackers had actually obtained user information, (because there was no apparent fraudulent activity) there certainly was the feeling of waiting for the other shoe to drop, at least in the cyber security industry. And drop it did, in a big way!
On July 6, 2012, five months after Gamigo announced it had been the victim of a cyber attack on its server, 8.24 million email and passwords were exposed on the InsidePro Software Forum by the Gamigo attackers, or other entities who gained access to it.
While the breach will remain a serious concern for those whose information was stolen, it is not seen as perilous as it could have been had the hackers published the information when the breach first occurred as many months have past and those affected have since changed their passwords. The real danger now is for those Gamigo users who use the same password for multiple sites and have not changed them all, a very bad cyber security practice (or lack of cyber security) that many people admit to doing.
Additional Resources About This Breach: