CrimeCraft MAYN Games Breach

In February 2021, CrimeCraft, an online multiplayer shooter game operated by MAYN Games, experienced a significant data breach compromising the personal information of approximately 1.5 million users. The breach was orchestrated by a threat actor known as @donjuji, who exploited vulnerabilities in the game's infrastructure to access and exfiltrate sensitive user data.
The exposed data encompassed a range of personally identifiable information, including usernames, email addresses, IP addresses, dates of birth, and passwords. The passwords were stored using the Ruby on Rails Restful-Auth SHA1 hashing method, specifically identified as hashcat mode 27200. Despite the application of this hashing technique, the breach's severity was amplified by reports indicating that 91% of the compromised passwords were successfully cracked, suggesting potential weaknesses in the hashing implementation or the prevalence of weak user-generated passwords.