Cyber Incident Victim: Emuparadise

In April 2018, the Emuparadise retro gaming platform experienced a data breach compromising its vBulletin forum infrastructure. The incident exposed approximately 1.1 million user accounts containing email addresses, IP addresses, usernames, and passwords stored as salted MD5 hashes. Emuparadise had previously hosted ROMs for retro game emulators before discontinuing this service in August 2018, though it maintained active community forums at the time of the breach. The compromised database remained undetected until June 2019 when cybersecurity notification services Have I Been Pwned and HackNotice began alerting users about their exposed information. DeHashed.com provided the stolen dataset to Have I Been Pwned on June 9, 2019, enabling public verification of the breach's scope and nature.

Evidence suggests the stolen data circulated within hacker communities for months prior to its discovery, with forum users offering to sell or trade the Emuparadise database as early as January 2019. The breach impacted Emuparadise's reputation as a prominent retro gaming resource, though the organization did not publicly confirm or address the incident when contacted by media outlets. No technical details regarding the intrusion method or containment measures were disclosed. The exposure of salted MD5 hashes represented a significant security concern due to the cryptographic weaknesses of this hashing algorithm, potentially enabling password cracking attempts against affected accounts. BleepingComputer attempted to contact both Emuparadise and DeHashed for additional details but received no response prior to publication.