The data contains users' email addresses, hashed passwords, dates of birth, and IP addresses.
Image: Che Saitta-Zelterman
Details for nearly 200,000 Grand Theft Auto fan site users have been traded on the digital underground.
GTAGaming.com, which posts news, screenshots, and other information about the Grand Theft Auto video game series, was breached earlier this month. A source provided Motherboard with the data after finding it on a hacking forum, and it contains email addresses, hashed passwords, dates of birth, and IP addresses. The hacking forum has since shut down.
"I was aware of a hack and had already been reversing the damage, but it was not until your email that I had heard that any data had actually been obtained," Shawn Harkin, the administrator of GTAGaming, told Motherboard in an email.
"Of course, data for even one account being stolen is already one too many"
A post on GTAGaming says that users will be forced to change their password upon logging in, and the site will soon force a reset for those who have not updated their passwords. The site ran on vBulletin, a piece of website software that has led to a series of data breaches recently.
"We have now closed the forums permanently, and any accounts not updated within the next couple weeks will be deleted from the database," the post continues. "We will be moving the account database into a more secure authentication system, removing all trace of the vBulletin forum software, and until then will be keeping a close eye to prevent any further compromises."
Security researcher and owner of the breach notification site Have I Been Pwned? Troy Hunt first notified Motherboard of the breach. He said that the data contained 197,000 unique email addresses, and Harkin confirmed that the passwords were hashed twice with the MD5 algorithm and a salt (a salt is a random string added to passwords to make the hash harder to crack).
But Harkin claimed that the actual number of real users would have been much smaller than the 197,000 accounts.
"More than half are the result of spambot signups, either banned or having never progressed past email verification, while another significant number are inactive accounts created as early as 2003," he told Motherboard.
"Of course, data for even one account being stolen is already one too many, it is at least fortunate in this scenario that the number of actual people affected would be significantly less than even 30,000—and of those, hopefully none suffer any compromised accounts beyond GTAGaming," he continued.
The lesson: Those affected can only be sure they won't fall victim to other compromises by not using the same password on other sites as they did on GTAGaming. With this dataset, a hacker might be able to crack the hashes, obtain the user's password, and then log into any other services that use it as well.
Another day, another hack.