GamesFuckGirls

We've been tracking the resurgence of older breach datasets in combolists circulating on underground forums, and what struck us about this particular instance was the continued presence of MD5 hashed passwords. While not a new vulnerability, the persistence of this weak hashing algorithm from a 2018 breach on GamesFuckGirls, a pornographic games website, underscores the long tail of security debt. The data had been circulating quietly, but we noticed a spike in mentions on a specific Telegram channel known for aggregating and selling combolists. This suggests the data is actively being used in credential stuffing attacks.

GamesFuckGirls leak exposes 21k email addresses and weak password hashes

The GamesFuckGirls breach, dating back to February 2018, recently resurfaced with increased visibility in underground channels. The breach initially exposed approximately 21,187 records. What caught our attention was the use of unsalted MD5 hashes for password storage, a practice considered obsolete even in 2018. The re-emergence of this data highlights the ongoing risk posed by legacy systems and the value of even outdated credentials to attackers.

The breach was initially discovered following its posting on a popular hacking forum, and has now been added to combolists, making it readily available for credential stuffing attacks. This matters to enterprises now because even if users have changed their passwords on other services since 2018, the fact that they used those same credentials on GamesFuckGirls could give attackers a starting point for targeting them again. This ties into the broader threat theme of credential reuse and the automation of attacks using readily available breach data.

Key point: Total records exposed: 21,187

Key point: Types of data included: Email Address, Password Hash (MD5)

Key point: Sensitive content types: None beyond email and password hashes

Key point: Source structure: Unspecified, but likely a database dump or export

Key point: Leak location(s): Initially posted on a hacking forum, now circulating on Telegram channels

Key point: Date of first appearance: February 23, 2018

BleepingComputer covered the initial breach in 2018, noting the website's relatively small user base at the time (BleepingComputer). The renewed interest in this older breach data underscores the value that attackers place on comprehensive credential datasets, regardless of their age. One Telegram post claimed the files were "useful for brute-forcing accounts on smaller sites". The use of open-source password cracking tools to reverse MD5 hashes remains a viable method, even with modern hardware.

Email · Address · Password · Hash