We've observed a consistent pattern of older, smaller breaches resurfacing within larger combolists and credential stuffing attacks. This presents a unique risk, as organizations may not be actively monitoring for breaches that occurred years ago, even though the exposed credentials remain valid and dangerous. Our team recently identified one such instance involving a breach at Browser MMORPG, a now-defunct online directory for browser-based MMORPGs. What really struck us wasn't the size of the breach itself—at just under 14,000 records—but the potential downstream impact, given the age of the data and the likelihood of password reuse across different platforms.
The Browser MMORPG data breach, which occurred in July 2018, exposed 13,398 user records. The breach came to light after the data was posted on a prominent hacking forum. While the number of affected accounts is relatively small compared to more recent mega-breaches, the age of the data and the types of information compromised make this a relevant threat for enterprises today. The exposed data included email addresses and MD5-hashed passwords. The use of MD5, an outdated and easily crackable hashing algorithm, significantly increases the risk of these credentials being compromised and reused in credential stuffing attacks targeting other platforms.
Breach Stats:
Key point: Total records exposed: 13,398
Key point: Types of data included: Email Addresses, Password Hashes (MD5)
Key point: Source structure: Data posted on a hacking forum
Key point: Leak location: Prominent hacking forum (specific URL unavailable)
Key point: Date of first appearance: July 6, 2018
While the Browser MMORPG breach itself didn't receive widespread media coverage, the broader context of password reuse and the exploitation of older breaches is well-documented. Security researchers consistently warn about the dangers of using the same password across multiple accounts. A 2019 Google study, for example, found that 66% of people reuse the same password across multiple sites (Source: Google Online Security Blog). This behavior makes older breaches like the Browser MMORPG incident relevant because compromised credentials can be used to access other, more sensitive accounts.
Email · Address · Password · Hash
See if your personal information has been exposed in data breaches
Scan to sign up instantly
We found your data exposed in multiple breaches. This includes:
Your information is protected by enterprise-grade security