Cyber Incident Victim: NewSea
Date: Sep 2016
Location: United States of America
Summary
A gaming-related website offering custom content for a popular simulation game series was compromised via SQL injection, resulting in the theft of approximately 118,000 user accounts. The attacker, known as "Websites Hunter," exfiltrated personal details including usernames, first and last names, dates of birth, genders, countries, and email addresses, alongside passwords stored with unsalted MD5 hashing. Analysis confirmed the data's authenticity and highlighted the exposure of over 117,000 unique email addresses. The breach occurred amid a series of security incidents affecting gaming platforms that year, though the site operated independently from the game's official developer. Stolen records were subsequently made available for public download on a file-sharing service.
Description
On September 22, 2016, an attacker using the alias "Websites Hunter" breached the gaming custom content website newseasims.com through an SQL injection attack, compromising 118,000 user accounts. The hacker exfiltrated a database containing personally identifiable information including usernames, first and last names, dates of birth, genders, and countries of residence. The stolen credentials included 117,743 unique email addresses paired with passwords stored using unsalted MD5 hashing, a cryptographic method considered vulnerable to brute-force attacks at the time. Online data mining firm Hacked-DB confirmed the breach date and data composition after analyzing the leaked dataset. The attacker subsequently uploaded the stolen records to a public file-sharing platform, where they remained accessible for download as of September 30, 2016. The website operator did not implement salt-based password protection despite industry-standard practices for credential storage.

The breach exposed sensitive user information from a niche gaming community unaffiliated with Electronic Arts, the publisher of The Sims franchise. Analysis of the dataset revealed concentration among specific email providers, though the article did not disclose the top 15 domains identified. This incident occurred during a period of heightened targeting of gaming platforms, with similar compromises affecting Exile Mod Gaming Forum (12,000 accounts), GTA forums, Epic Games, Dota 2, and Clash of Kings earlier in 2016. No containment measures or victim notifications by newseasims.com were documented in available reports. The persistence of the leaked data on public platforms extended the exposure window for affected users, increasing risks of credential-stuffing attacks and identity theft. Websites Hunter had compromised Kuwait Automotive Imports Company's customer data prior to this attack, indicating a pattern of targeting diverse online platforms.
