Risk Assessments/Management, Data Security, Breach, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Threat Management, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Yu-Gi-Oh fan forum breached, 6.5M email addresses, passwords compromised

A hacker has made off with at least 6.5 million email addresses and poorly hashed passwords from a Yu-Gi-Oh fan project called “Dueling Network.”

While the network itself was shut down by a cease and desist order in 2016, the site's forum continued running until recently, according to Vice's Motherboard.

Black Luster Soldier, a network administrator, told the publication, their working theory is that the assailant used a vulnerability in MySQL to obtain the information.

"At the moment, the claim that information has been breached for 6.5 DN million accounts appears to be accurate. Note that many accounts are duplicates owned by the same user or were never actually logged in, so this number is inflated," they said.

Leakbase, a paid breach notification service, provided Motherboard with a small sample of accounts for verification purposes. 

Black Luster Soldier advised users to change their passwords on any other services that use the same credentials as their Dueling Network account. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.