capital of games

We've been tracking a resurgence in older breach datasets appearing in aggregated credential stuffing lists. While these breaches are years old, the reuse of credentials across platforms means they still pose a risk. Our team recently flagged a large set of credentials linked to **capitalofgames.com**, a now-defunct online gaming site. What struck us wasn't just the volume of exposed accounts, but the plain MD5 hashing algorithm used to secure passwords, making them trivial to crack with modern tools. The data had been circulating quietly for years, but its reappearance in recent dumps signals ongoing risk.

The Capital of Games Breach: Over Half a Million Accounts Exposed

The breach at **capitalofgames.com**, a gaming platform that ceased operations some time ago, resulted in the exposure of **505,773** user accounts. The data surfaced on **November 6, 2015**, and has recently resurfaced in credential stuffing lists. This re-emergence highlights the long tail risk associated with older breaches, particularly when weak hashing algorithms are used.

Our team discovered the capitalofgames.com data while processing a large aggregate of leaked credentials from multiple sources. The breach caught our attention due to the age of the data combined with the weak hashing algorithm used. This combination makes the compromised credentials particularly vulnerable to cracking. The exposed data includes:

Key point: Total records exposed: 505,773

Key point: Types of data included: Email addresses, usernames, IP addresses, password salts, and password hashes.

Key point: Sensitive content types: While the data itself doesn't contain documents or images, the exposed email addresses and passwords can be used to access other, more sensitive accounts.

Key point: Source structure: The data appears to originate from a database dump.

Key point: Leak location(s): The credentials have been observed on various breach forums and are likely circulating on Telegram channels frequented by credential stuffers.

External Context & Supporting Evidence

While there is limited dedicated news coverage of the capitalofgames.com breach from 2015, the incident is listed on several breach aggregation sites. The continued presence of this data in circulation serves as a reminder of the enduring risk posed by older breaches, especially those involving weakly protected passwords. Security Affairs covered the general risk of MD5 hashing in 2013, noting its vulnerability to rainbow table attacks. This vulnerability makes the capitalofgames.com data especially dangerous even years after the initial breach.

Email · Address · Username · Ip · Salt · Password · Hash