What happened in the Пара Па Breach?
DataBreach.com Team · March 16th 2025, 8:00 pm EDT
In August 2016, Пара Па (Para Pa), a Russian online gaming platform hosted on the subdomain parapa.mail.ru, experienced a significant data breach. The incident compromised approximately 5 million user accounts, exposing usernames, email addresses, and passwords stored as salted MD5 hashes.
This breach was part of a larger security incident affecting multiple subdomains of mail.ru, Russia's largest email provider. The breaches collectively impacted over 27 million accounts across various gaming platforms, including cfire.mail.ru and tanks.mail.ru. The compromised data encompassed usernames, email addresses, IP addresses, and phone numbers.
The root cause of these breaches was identified as vulnerabilities in the vBulletin platform, specifically related to unpatched versions susceptible to SQL injection attacks via the Forumrunner add-on. Despite security patches being available months prior, the affected platforms had not applied these updates, leaving them vulnerable to exploitation.
