LeakedSource Analysis of Evony.com Hack

LeakedSource Team | October 11th, 2016

33 Million gamer accounts stolen

Table of Contents

  • Summary
  • Passwords
  • Emails
  • More databases

    Summary

    Gaming company Evony was hacked for a total of 33,407,472 users from its main game database in June of 2016. Earlier this year in August we discovered their forums were also hacked for 938k users.

    Each record contains a username, email address, password, and IP address, among other internal data fields.

    Users can now get notified any time they appear in a breach. If your personal information appears in our copy of this database, or in any other leaked database that we possess, you may remove yourself for free.

    Passwords

    Passwords were stored using unsalted MD5 hashing, which means at this point we have cracked most of them. Surprisingly, they also stored the passwords in unsalted SHA1 next to the MD5, which makes no sense, but anyway, here is the top list of most frequently used credentials:
    Rank Password Frequency
    1 123456 714,466
    2 fuk19600 208,121
    3 123456789 163,318
    4 mynoob 119,365
    5 password 96,151
    6 111111 82,593
    7 google 74,051
    8 evildick 70,546
    9 qwerty 55,872
    10 1234567 52,902
    11 123123 44,463
    12 fuku00198 39,629
    13 12345678 39,599
    14 evony192 39,036
    15 1234567890 32,297
    16 abc123 29,538
    17 000000 28,466
    18 111555 27,749
    19 654321 27,319
    20 dragon 23,095
    21 killer 21,948
    22 again1 21,239
    23 omg199 20,880
    24 whatthezor 20,651
    25 aaaaaa 20,574
    26 football 19,424
    27 blasted1 19,318
    28 notthat 17,363
    29 pokemon 17,318
    30 asdfgh 17,079
    31 wenoob 16,359
    32 666666 16,313
    33 evony1 16,096
    34 liverpool 15,653
    35 fuckyou 15,540
    36 ihatethisgame 15,459
    37 qazxsw 14,591
    38 123321 13,760
    39 987654321 13,214
    40 monkey 13,174
    41 derp12!@ 13,042
    42 shadow 12,955
    43 asdfghjkl 12,561
    44 hahaha 12,557
    45 qwertyuiop 12,175
    46 112233 11,877
    47 potato 11,874
    48 121212 11,869
    49 555555 11,669
    50 suckme 11,632
    51 soccer 11,525
    52 password1 11,128
    53 starwars 10,905
    54 iloveyou 10,845
    55 baseball 10,435

    After the Last.fm breach, one of our favorite Twitter users, @SwiftOnSecurity, asked us to look for some interestingly long passwords, so for breaches with simple hashing algorithms we're going to add that to our blog posts. Here are some hand-picked long, interesting Evony passwords we managed to crack:

    Password Length
    destroyerspeedfluxquadrantinclusionexhaustrelease 49
    derpderpderpderpderpderpderpderpderpderpderpderp 48
    plseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee 43
    123456789qazwsxedcrfvtgbyhnujmik,ol.p;/[']\ 43
    1324354657687980qazwsxedcrfvtgbyhnujmikolp 42
    lamborghinimurcielagolp670-4superveloce 39
    aleksandra123456789123456789123456789 37
    thequickbrownfoxjumpedoverthelazydogs 37
    kosova1234567891011121314151617181920 37
    upupdowndownleftrightleftrightbastart 37
    hari yang cerah untuk jiwa yang sepi 36
    thequickbrownfoxjumpsoverthelazydog 35
    supercalifragilisticexpialidocious 34
    STAYOFFMYSHIT123321456654789987 31
    osenhoremeupastorenadamefaltara 31
    nailsforbreakfasttacksforsnacks 31
    noonewilleverguessmypassword123 31
    Concentration camps were set up 31
    osenhoremeupastorenadamefaltara 31
    transformers2revengeofthefallen 31
    nailsforbreakfasttacksforsnacks 31
    cristianmejorfutbolistadelmundo 31
    playstation3callofdutyblackops 30
    i kissed a girl and i liked it 30
    puppiesandkittenshannahmontana 30
    bobesponjapantalonescuadrados 29
    ifthemudaintflyinyouainttryin 29
    cristianjosiasmenesesgallardo 29
    iloveedwardcullenfromtwilight 29
    illkeepyoumydirtylittlesecret 29
    hades lord of the under world 29
    mycatsbreathsmellslikecatfood 29
    youwillneverguessthispassword 29
    needforspeedmostwantedgregory 29
    somethingstrangforsomechange 28
    manchesterunitedthereddevils 28
    you dont mess with the zohan 28
    honorificabilitudinitatibus 27
    billie jean is not my lover 27
    fuckyoubitcheseatshitanddie 27
    toofasttolivetooyoungtodie 26
    sir sir what are you doing 26
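
    Why the unsalted MD5 storage described above fails so completely, shown next to a salted, slow alternative. This is an added example, not code from LeakedSource or Evony; the account names, passwords, function names and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts for illustration; not taken from the breach data.
ACCOUNTS = [("alice", "123456"), ("bob", "123456"), ("carol", "password"),
            ("dave", "123456"), ("erin", "dragon"), ("frank", "x9!Tq-unique")]

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def store_unsalted(accounts):
    """The scheme the post describes: one unsalted MD5 per user."""
    return {user: md5_hex(pw) for user, pw in accounts}

def shared_values(stored):
    """Stored values held by more than one account, with their counts."""
    return {v: n for v, n in Counter(stored).items() if n > 1}

def exposed_by_wordlist(table, wordlist):
    """Each candidate is hashed once; every account sharing that hash
    is recovered by the same dictionary lookup."""
    lookup = {md5_hex(word): word for word in wordlist}
    return {user: lookup[h] for user, h in table.items() if h in lookup}

def store_salted(accounts, iterations=200_000):
    """Hardened form: per-user random salt plus a deliberately slow KDF.
    The iteration count is an assumption for this example."""
    table = {}
    for user, pw in accounts:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        table[user] = (salt, iterations, digest)
    return table

def verify_salted(record, candidate):
    salt, iterations, digest = record
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(digest, probe)

if __name__ == "__main__":
    weak = store_unsalted(ACCOUNTS)
    print("shared unsalted hashes:", shared_values(weak.values()))
    print("recovered:", exposed_by_wordlist(weak, ["123456", "password", "dragon"]))
    strong = store_salted(ACCOUNTS)
    print("shared salted digests:", shared_values(d for _, _, d in strong.values()))
```

    With unsalted hashes, the frequency table is visible before anything is cracked, because equal passwords produce equal stored values; with per-user salts, no two stored digests match even for the same password.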

    Emails

    Simple table of top email domains
    Rank Email Domain Frequency
    1 @yahoo.com 7,464,078
    2 @hotmail.com 6,493,345
    3 @gmail.com 3,593,315
    4 NONE 3,453,701
    5 @aol.com 1,005,343
    6 @hotmail.co.uk 667,075
    7 @live.com 630,399
    8 @msn.com 330,372
    9 @ymail.com 253,433
    10 @yahoo.co.uk 229,153
    11 @comcast.net 219,959
    12 @live.co.uk 170,255
    13 @hotmail.fr 137,503
    14 @aim.com 125,611
    15 @rocketmail.com 121,204
    16 @mail.com 110,115
    17 @sbcglobal.net 106,120
    18 @att.net 87,345
    19 @yahoo.co.in 84,603
    20 @yahoo.ca 83,417
    21 @btinternet.com 81,772
    22 @googlemail.com 81,200
    23 @verizon.net 80,931
    24 @live.nl 76,160
    25 @mail.ru 75,362
    26 @live.ca 74,381
    27 @yahoo.fr 66,145
    28 @yahoo.co.id 59,728
    29 @cox.net 58,753
    30 @true.com 57,712
    31 @bigpond.com 56,659
    32 @live.fr 54,896
    33 @live.com.au 52,850
    34 @abv.bg 50,536
    35 @rediffmail.com 49,450
    36 @yahoo.com.au 49,422
    37 @bellsouth.net 49,082
    38 @web.de 48,816
    39 @seznam.cz 48,242
    40 @naver.com 43,835
    41 @sexy.com 42,638
    42 @NOOB.com 41,187
    43 @sky.com 39,185
    44 @charter.net 38,389
    45 @windowslive.com 36,441
    46 @wp.pl 34,908
    47 @ntlworld.com 32,284
    48 @yo.com 31,413
    49 @shaw.ca 30,084
    50 @hotmail.it 29,848
    51 @hotmail.de 29,126
    52 @hotmail.es 28,466
    53 @yahoo.com.vn 28,313
    54 @gmx.de 28,297
    55 @live.dk 28,164

    More Databases

    We are virtually up to our eyeballs in databases, so we'll be adding 18 others with this release. They are not processed yet, but we expect them to be finished by tomorrow. Here's the list and approximate hack date:
    • AvMagazine.it - 134,657 users - September 9th, 2016
    • AllGsmun.com - 134,859 users - September 15th, 2016
    • CraftsForum.co.uk - 143,870 users - September 2nd, 2016
    • CuttingEdgeMuscle.com - 90,338 users - September 11th, 2016
    • DVDrBase.info - 90,174 users - October 8th, 2013
    • Enworld.org - 284,586 users - September 14th, 2016
    • Babeunion.com - 61,115 users - September 10th, 2016
    • OldVersion.com - 81,344 users - September 1st, 2016
    • Pashnit.com - 41,181 users - January 16th, 2015
    • PatriotGuard.org - 343,249 users - September 10th, 2016
    • SkodaForum.com - 63,962 users - July 28th, 2016
    • SprintUsers.com - 422,681 users - September 16th, 2016
    • StoicStudio.com - 56,089 users - September 4th, 2016
    • TheHackerParadise.com - 39,563 users - September 2nd, 2016
    • AutoGeek.com - 74,576 users - August 21st, 2016
    • GEarthHacks.com - 242,786 users - August 21st, 2016
    • TitanQuest.com - 100,722 users - August 21st, 2016
    • Vbet.com - 1,164,546 users - August 19th, 2016

    The next breach will contain about 40 million users once we're finished processing it, so stay tuned! We also have these 52m users we may add before then: https://www.riskbasedsecurity.com/2016/10/modern-business-solutions-stumbles-over-a-modern-business-problem-58m-records-dumped-from-an-unsecured-database/
