Information from Mortal Online accounts, an online MMORPG game, has leaked to the Internet after a violation on the game server.
On June 17, an unauthorized user, accessed the server maintained data with the game databases, and copied all the data. The affected bills are about 570.000.
The developers of Mortal Online have announced the violation when they realized it, 4 days later, and followed an investigation that led to data confirming the violation. To inform users, developers have advised that they do not keep copies of sensitive information such as debit card digits.
Although leaked card data, the database contained usernames and passwords from over half a million accounts that were stored in MD5 hashes.
MD5 is a type of encryption used primarily to control the integrity of data after a transfer (e.g., after downloading from a site). They are prone to bruteforce attacks, and their decryption can be done in seconds. 2012 was considered unsafe by its founder, when it was revealed how easily it was decoded.
The database, from the time it was stolen, is available for sale at various points online, and there are already reports that it is used for credential stuffing. This means that the combination of each username and password is tested on different platforms and services, which shows how important it is not to use the same password everywhere.
Plus, base data has been added to have been pwned, so users can see if their accounts have been broken.