Table of Contents
Summary
Gaming company Evony was hacked for a total of 33,407,472 users from its main game database in June of 2016. Earlier this year in August we discovered their forums were also hacked for 938k users.
Each record contains a username, email address, password, and ip address among other internal data fields.
Users can now get notified any time they appear in a breach. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.
Passwords
Passwords were stored using unsalted MD5 hashing which means at this point we have cracked most of them. Surprisingly they also stored the passwords in unsalted SHA1 next to the MD5 which makes no sense but anyway, here is the top list of most frequently used credentials:
| Rank | Password | Frequency |
| 1 | 123456 | 714,466 |
| 2 | fuk19600 | 208,121 |
| 3 | 123456789 | 163,318 |
| 4 | mynoob | 119,365 |
| 5 | password | 96,151 |
| 6 | 111111 | 82,593 |
| 7 | 74,051 | |
| 8 | evildick | 70,546 |
| 9 | qwerty | 55,872 |
| 10 | 1234567 | 52,902 |
| 11 | 123123 | 44,463 |
| 12 | fuku00198 | 39,629 |
| 13 | 12345678 | 39,599 |
| 14 | evony192 | 39,036 |
| 15 | 1234567890 | 32,297 |
| 16 | abc123 | 29,538 |
| 17 | 000000 | 28,466 |
| 18 | 111555 | 27,749 |
| 19 | 654321 | 27,319 |
| 20 | dragon | 23,095 |
| 21 | killer | 21,948 |
| 22 | again1 | 21,239 |
| 23 | omg199 | 20,880 |
| 24 | whatthezor | 20,651 |
| 25 | aaaaaa | 20,574 |
| 26 | football | 19,424 |
| 27 | blasted1 | 19,318 |
| 28 | notthat | 17,363 |
| 29 | pokemon | 17,318 |
| 30 | asdfgh | 17,079 |
| 31 | wenoob | 16,359 |
| 32 | 666666 | 16,313 |
| 33 | evony1 | 16,096 |
| 34 | liverpool | 15,653 |
| 35 | fuckyou | 15,540 |
| 36 | ihatethisgame | 15,459 |
| 37 | qazxsw | 14,591 |
| 38 | 123321 | 13,760 |
| 39 | 987654321 | 13,214 |
| 40 | monkey | 13,174 |
| 41 | derp12!@ | 13,042 |
| 42 | shadow | 12,955 |
| 43 | asdfghjkl | 12,561 |
| 44 | hahaha | 12,557 |
| 45 | qwertyuiop | 12,175 |
| 46 | 112233 | 11,877 |
| 47 | potato | 11,874 |
| 48 | 121212 | 11,869 |
| 49 | 555555 | 11,669 |
| 50 | suckme | 11,632 |
| 51 | soccer | 11,525 |
| 52 | password1 | 11,128 |
| 53 | starwars | 10,905 |
| 54 | iloveyou | 10,845 |
| 55 | baseball | 10,435 |
After the Last.fm breach, one of our favorite Twitter users @SwiftOnSecurity asked us to look for some interestingly long passwords so for breaches with simple hashing algorithms we’re going to add that to our blog posts. Here are some hand picked long, interesting Evony passwords we managed to crack:
| Password | Length |
| destroyerspeedfluxquadrantinclusionexhaustrelease | 49 |
| derpderpderpderpderpderpderpderpderpderpderpderp | 48 |
| plseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee | 43 |
| 123456789qazwsxedcrfvtgbyhnujmik,ol.p;/[‘]\ | 43 |
| 1324354657687980qazwsxedcrfvtgbyhnujmikolp | 42 |
| lamborghinimurcielagolp670-4superveloce | 39 |
| aleksandra123456789123456789123456789 | 37 |
| thequickbrownfoxjumpedoverthelazydogs | 37 |
| kosova1234567891011121314151617181920 | 37 |
| upupdowndownleftrightleftrightbastart | 37 |
| hari yang cerah untuk jiwa yang sepi | 36 |
| thequickbrownfoxjumpsoverthelazydog | 35 |
| supercalifragilisticexpialidocious | 34 |
| STAYOFFMYSHIT123321456654789987 | 31 |
| osenhoremeupastorenadamefaltara | 31 |
| nailsforbreakfasttacksforsnacks | 31 |
| noonewilleverguessmypassword123 | 31 |
| Concentration camps were set up | 31 |
| osenhoremeupastorenadamefaltara | 31 |
| transformers2revengeofthefallen | 31 |
| nailsforbreakfasttacksforsnacks | 31 |
| cristianmejorfutbolistadelmundo | 31 |
| playstation3callofdutyblackops | 30 |
| i kissed a girl and i liked it | 30 |
| puppiesandkittenshannahmontana | 30 |
| bobesponjapantalonescuadrados | 29 |
| ifthemudaintflyinyouainttryin | 29 |
| cristianjosiasmenesesgallardo | 29 |
| iloveedwardcullenfromtwilight | 29 |
| illkeepyoumydirtylittlesecret | 29 |
| hades lord of the under world | 29 |
| mycatsbreathsmellslikecatfood | 29 |
| youwillneverguessthispassword | 29 |
| needforspeedmostwantedgregory | 29 |
| somethingstrangforsomechange | 28 |
| manchesterunitedthereddevils | 28 |
| you dont mess with the zohan | 28 |
| honorificabilitudinitatibus | 27 |
| billie jean is not my lover | 27 |
| fuckyoubitcheseatshitanddie | 27 |
| toofasttolivetooyoungtodie | 26 |
| sir sir what are you doing | 26 |
Emails
Simple table of top email domains
| Rank | Email Domain | Frequency |
| 1 | @yahoo.com | 7,464,078 |
| 2 | @hotmail.com | 6,493,345 |
| 3 | @gmail.com | 3,593,315 |
| 4 | NONE | 3,453,701 |
| 5 | @aol.com | 1,005,343 |
| 6 | @hotmail.co.uk | 667,075 |
| 7 | @live.com | 630,399 |
| 8 | @msn.com | 330,372 |
| 9 | @ymail.com | 253,433 |
| 10 | @yahoo.co.uk | 229,153 |
| 11 | @comcast.net | 219,959 |
| 12 | @live.co.uk | 170,255 |
| 13 | @hotmail.fr | 137,503 |
| 14 | @aim.com | 125,611 |
| 15 | @rocketmail.com | 121,204 |
| 16 | @mail.com | 110,115 |
| 17 | @sbcglobal.net | 106,120 |
| 18 | @att.net | 87,345 |
| 19 | @yahoo.co.in | 84,603 |
| 20 | @yahoo.ca | 83,417 |
| 21 | @btinternet.com | 81,772 |
| 22 | @googlemail.com | 81,200 |
| 23 | @verizon.net | 80,931 |
| 24 | @live.nl | 76,160 |
| 25 | @mail.ru | 75,362 |
| 26 | @live.ca | 74,381 |
| 27 | @yahoo.fr | 66,145 |
| 28 | @yahoo.co.id | 59,728 |
| 29 | @cox.net | 58,753 |
| 30 | @true.com | 57,712 |
| 31 | @bigpond.com | 56,659 |
| 32 | @live.fr | 54,896 |
| 33 | @live.com.au | 52,850 |
| 34 | @abv.bg | 50,536 |
| 35 | @rediffmail.com | 49,450 |
| 36 | @yahoo.com.au | 49,422 |
| 37 | @bellsouth.net | 49,082 |
| 38 | @web.de | 48,816 |
| 39 | @seznam.cz | 48,242 |
| 40 | @naver.com | 43,835 |
| 41 | @sexy.com | 42,638 |
| 42 | @NOOB.com | 41,187 |
| 43 | @sky.com | 39,185 |
| 44 | @charter.net | 38,389 |
| 45 | @windowslive.com | 36,441 |
| 46 | @wp.pl | 34,908 |
| 47 | @ntlworld.com | 32,284 |
| 48 | @yo.com | 31,413 |
| 49 | @shaw.ca | 30,084 |
| 50 | @hotmail.it | 29,848 |
| 51 | @hotmail.de | 29,126 |
| 52 | @hotmail.es | 28,466 |
| 53 | @yahoo.com.vn | 28,313 |
| 54 | @gmx.de | 28,297 |
| 55 | @live.dk | 28,164 |
More Databases
We are virtually up to our eyeballs in databases so we’ll be adding 18 others with this release. They are not processed yet but we expect them to be finished by tomorrow, here’s the list and approximate hack date:
- AvMagazine.it – 134,657 users – September 9th, 2016
- AllGsmun.com – 134,859 users – September 15th, 2016
- CraftsForum.co.uk – 143,870 users – September 2nd, 2016
- CuttingEdgeMuscle.com – 90,338 users – September 11th, 2016
- DVDrBase.info – 90,174 users – October 8th, 2013
- Enworld.org – 284,586 users – September 14th, 2016
- Babeunion.com – 61,115 users – September 10th, 2016
- OldVersion.com – 81,344 users – September 1st, 2016
- Pashnit.com – 41,181 users – January 16th, 2015
- PatriotGuard.org – 343,249 users – September 10th, 2016
- SkodaForum.com – 63,962 users – July 28th, 2016
- SprintUsers.com – 422,681 users – September 16th, 2016
- StoicStudio.com – 56,089 users – September 4th, 2016
- TheHackerParadise.com – 39,563 users – September 2nd, 2016
- AutoGeek.com – 74,576 users – August 21st, 2016
- GEarthHacks.com – 242,786 users – August 21st, 2016
- TitanQuest.com – 100,722 users – August 21st, 2016
- Vbet.com – 1,164,546 users – August 19th, 2016
The next breach will contain about 40 million users once we’re finished processing it, so stay tuned! We also have these 52m users we may add before then. https://www.riskbasedsecurity.com/2016/10/modern-business-solutions-stumbles-over-a-modern-business-problem-58m-records-dumped-from-an-unsecured-database/
