Home   >   Blog

Doomworld Suffers Data Breach Affecting 34.4k Users

November 5, 2022

Home   >   Blog

Doomworld, the oldest unofficial fan news website for the computer game series Doom, has suffered a recent data breach which has affected more than 30,000 users. The breach, which has until now gone unreported, was first detected by the research team here at VPN Brains after hackers began offering the compromised data for sale on the dark web, on 12th October, 2022.  

What data has been stolen or compromised? 

According to the user data being offered for sale on the dark web, this totals 34.4k user account and includes the following personal identifiable information (PII):

  • Usernames 
  • Email addresses 
  • IP addresses 
  • Dates of birth 
  • Passwords 

Where is the data being offered for sale? 

The compromised user data stolen from Doomworlds is being offered for sale via BreachForums, a website that markets itself as the successor to Raid Forums. 

What has Doomworld said about this breach so far?

Doomworld creator Andrew Stine posted about the breach on Doomworld’s website on October 13th, 2022 one day after the breach occurred. “Doomworld (probably) got pwned by a script kiddie. I don’t know what databases were accessed but they claim email addresses and password hashes, at the least. I will be looking into this further of course,” writes Stine. 

Stine was confident that the password data would not be decryptable, as password data is not stored directly. Passwords are stored as the output of a salted and hashed one-way algorithm. 

Taking responsibility for the breach, Stine said, “As the admin, this is ultimately my fault, and I am very sorry it has happened. I will have to consider this and consult with others to decide what sort of site changes need to be made to help fix this situation.” Finally, he ended with some evergreen advice: “[T]his is a good opportunity to consider your password hygiene and begin using a password manager with unique passwords if you haven’t done so.”

What should Doomworld users do to protect their personal data?

Doomworld users should assume that their accounts were affected by the breach. The good news is that the breach won’t reveal your password – just the output of the encryption function.

While it’s not necessary to change your password, it may still be smart to do so. Just keep in mind that until the exploit has been fixed on the server, potential bad actors still have access to that encrypted data. 

As Stine mentioned, this breach isn’t catastrophic but it’s a good reminder to practice good password hygiene. Use unique passwords, and a password manager, and frequently update old passwords to ensure you stay safe online. 

About DoomWorld

Doomworld is a popular fan forum that gets over 500k monthly visits according to Similarweb. 

It offers discussions on anything about the Doom games. Doom, Doom II, and other Doom-engine-based games are first-person shooter games. Doom’s creator, John Romero, admits that he still visits the website to keep up with the community surrounding his game.

Founded in 1998 by Andrew Stine, Gaston Lahaut, and Javier Heredia, the site was part of the AtomicGamer network until AtomicGamer was shut down in 2015. Today, it’s an independent site.

Leave a Reply

Your email address will not be published.