Cyber Incident Victim: Evony Gaming

Date: Jun 2016

Location: United States of America

Summary

Evony Gaming experienced significant security breaches compromising over 33 million user accounts across its main platform and forums. Stolen data included usernames, email addresses, IP addresses, and passwords weakly hashed with unsalted MD5 and SHA-1. The incident potentially exposed Facebook login credentials due to integrated sign-in features. Analysis revealed that common weak passwords like '123456' were prevalent, with many credentials already cracked. The company did not publicly confirm issuing security notifications to affected users regarding the breaches.

Description

In June 2016, Evony Gaming experienced a significant breach of its official website, resulting in the theft of 33,407,472 registered user accounts. The compromised data included usernames, email addresses, unsalted MD5 and SHA-1 hashed passwords, and IP addresses. A subsequent breach occurred in August 2016 targeting Evony’s forum, exposing an additional 938,000 registered accounts. The stolen data was later identified by LeakedSource, a breach notification service, which confirmed the presence of weakly secured password hashes vulnerable to cracking. The incident also impacted users who utilized Facebook Connect for authentication, potentially exposing associated Facebook credentials due to the integration of this single sign-on feature. No evidence indicated Evony issued formal security notifications to affected users following either breach.

Analysis of the exposed data revealed widespread poor password security practices among Evony users. The password "123456" was the most commonly used credential, while "@yahoo.com" ranked among the predominant email domains. LeakedSource confirmed that the unsalted hash algorithms allowed many passwords to be cracked rapidly, increasing the risk of credential reuse attacks. The cumulative exposure of over 34 million accounts across the two incidents represented one of the largest gaming-related breaches of 2016. The compromised Facebook-linked accounts introduced additional attack vectors beyond Evony’s ecosystem. No technical containment measures or forensic findings regarding attacker origins were disclosed in available sources.
