Let’s take stock of the data theft that Multiplayer.it was the victim of.
Over the past few hours, several reports have appeared online of a data leak from the Multiplayer.it database, consisting of approximately 500,000 records extracted from the site and including username, email, password, hash and salt.
We want to clarify the situation and reassure our users, but before we go into detail, we immediately confirm a few key points.
- The leak is harmless, users are not at risk.
- The event in question dates back to 2018 and has already emerged in 2019.
- There is no real risk to user data.
- No remedial action is necessary.
The technical department of NetAddiction Srl, the company that owns the site, immediately took action to check for information leaks or problems affecting the security and integrity of the database, and found no ongoing anomalies, tampering or unauthorized access. For this reason, it was decided to investigate the leak in greater depth by analyzing the leaked data, in order to verify its origin and confirm whether it was actually a new leak. An initial outcome of the checks confirmed that the stolen information affects about half of all emails currently present in the site's user base (approximately 470,000 valid email addresses out of a total of approximately 800,000 email addresses currently in the Multiplayer.it database).
By cross-checking the registration dates of the emails in the current database against the emails with the most recent ID codes in the leaked database, we can confirm that the data theft occurred in 2018 and has resurfaced in recent days. This means that anyone who has registered on the site since 2019 is not included in this leak.
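The cross-check described above, sketched as an added example (not NetAddiction's own code): it joins leaked records to the current user table by email and derives the window in which the dump must have been taken. The record layouts, function names and sample rows are assumptions constructed for illustration.

```python
from datetime import date

def norm(email):
    return email.strip().lower()

def date_leak(leaked, current):
    """leaked: [(leak_id, email)]; current: [(email, registered_on)].
    Both layouts are assumptions made for this example."""
    registered = {norm(e): d for e, d in current}
    # Join on e-mail: IDs in the dump belong to the old forum software.
    matched = {norm(e): (lid, registered[norm(e)])
               for lid, e in leaked if norm(e) in registered}
    if not matched:
        return None
    # Registration date of the matched record with the highest leaked ID.
    _, highest_id_registered = max(matched.values())
    # The dump cannot be older than its most recently registered account.
    not_before = max(d for _, d in matched.values())
    # First later-registered account missing from the dump bounds it above.
    later = [d for e, d in registered.items()
             if e not in matched and d > not_before]
    return {
        "matched": len(matched),
        "coverage": len(matched) / len(registered),
        "highest_id_registered": highest_id_registered,
        "not_before": not_before,
        "not_after": min(later) if later else None,
    }

# Constructed sample data, not taken from the real dump or database.
CURRENT = [
    ("anna@example.test", date(2016, 3, 1)),
    ("bruno@example.test", date(2017, 11, 20)),
    ("carla@example.test", date(2018, 6, 14)),
    ("dario@example.test", date(2019, 2, 3)),
    ("elena@example.test", date(2021, 9, 9)),
]
LEAKED = [
    (101, "Anna@example.test"),
    (245, "bruno@example.test"),
    (390, "carla@example.test"),
    (412, "deleted@example.test"),  # highest ID, account no longer exists
]

if __name__ == "__main__":
    print(date_leak(LEAKED, CURRENT))
```

If `highest_id_registered` and `not_before` disagree, leaked IDs do not follow registration order (for example after an email change), and the window should be treated with caution.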
Are passwords safe?
It is important to note that this is the same event as in 2019, not a new leak. At the time we had already carried out a series of in-depth analyses, reaching the conclusions reported below, which show that the leak has a low severity.
By analyzing the email, password and hash, we deduced that the data theft was carried out through the vBulletin platform, software that the company used years ago to manage the official Multiplayer.it forum until the end of 2019 and that, due to a series of vulnerabilities, we decided to discontinue from 2020, making it unreachable. Some flaws in the software could have allowed forum members to view user profiles, with the username and registration email of those users displayed in the clear. This information could therefore be stolen through simple navigation.
Furthermore, the encrypted passwords included in the leak do not correspond to those actually present in our database. Several years before the decommissioning of vBulletin, the forum registration procedure had in fact been unified with that of the site and was therefore managed through software developed internally by the company. For this reason, the stolen passwords do not match the ones used at the time on the site: they are passwords automatically created by vBulletin, but not used on Multiplayer.it. In other words, the passwords, even if decrypted using the hash and salt codes, are still not effective or usable on the site, because they are different from those actually entered by the user at the time of registration.
Risk assessment and actions taken
We already considered the leak not to be “dangerous” for several reasons.
The leak mainly contains a list of emails that, when the forum was active, were already visible in plain text by browsing the forum itself.
The passwords contained in the leak are encrypted and, more importantly, were not used for login due to the implementation of a Single Sign-On (SSO) for access management on the main site.
Also, the forum this data came from has not been active since 2020.
For all these reasons, at the time, we did not consider it necessary to notify the privacy guarantor, much less to oblige users to change their passwords, since those contained in the leak were not used to access the site. We therefore limited ourselves to reporting the incident on the forum itself, taking the necessary precautions, and subsequently closing this component of Multiplayer.it and then taking it offline.
We hope that the technical explanation is clear enough, and we would like to apologize for what happened and for the alarm generated over the past few hours, despite the problem dating back 6 years. Using a different password for each service and changing them periodically is a practice that we always recommend. At the same time, we want to reassure our readers regarding the current use of the site and of other services that share the same security key, with the suggestion to change your password if you have not done so for a long time, reiterating however that the passwords included in the stolen data, even if decrypted, would not work anyway.
We will continue to monitor the situation and adopt the best security practices to protect our users' data. For any other needs or requests for clarification, our support is always available, and we will be happy to follow the comments on this news.