- Total Records22,694,601
- Unique Emails22,007,096
- Unique Email Providers189,769
- Unique IP Addresses17,843,028
- Unique Usernames22,497,054
R2Games.com Data Breach: What Happened in December 2015?
In December 2015, gaming enthusiasts who frequented R2Games.com received troubling news: the popular online gaming platform’s forum had suffered a major data breach. The incident affected more than 22 million user records and shed light on security vulnerabilities within the site’s vBulletin forum system. Attackers gained access to and exposed a large collection of sensitive information tied to millions of players, including usernames, email addresses, IP addresses, and passwords. While passwords were stored as salted hashes, the defensive mechanism fell short, and many passwords were cracked due to weak hashing techniques. This breach quickly became one of the largest to impact the online gaming community during that year.
Scope of the R2Games.com Breach
The R2Games breach involved the compromise of 22,694,602 personal records. The exposed information included usernames, email addresses, IP addresses, and hashed passwords (along with their salts). With the forum database exposed, a substantial number of user credentials fell into the hands of malicious actors—and due to vulnerabilities in the forum’s password hashing implementation, many passwords were relatively easy to crack, further amplifying the risks for affected players.
How Did the Breach Occur?
The breach specifically targeted the vBulletin forum used by R2Games to support and connect its user community. Attackers exploited weaknesses within the forum’s software and security practices to gain unauthorized access to the underlying database. Once inside, they exfiltrated data that not only included login details and contact information but also technical identifiers like user IP addresses. The breach was discovered and reported in late 2015, but by then, the exposed data had already begun circulating online.
What Data Was Compromised?
- Usernames
- Email addresses
- IP addresses
- Hashed passwords (with salts)
This combination of account information and associated login credentials put users at risk for targeted phishing, credential stuffing, and privacy invasion.
Timeline of Events
- December 1, 2015: The breach occurred, with attackers gaining access to the vBulletin forum database.
- Following days and weeks: Exposed data was found circulating online, confirming the scope of the breach.
- Subsequent months: News of the breach spread through security communities and gaming forums, alerting affected users.
Frequently Asked Questions
What happened in the R2Games 2015 data breach?
R2Games.com suffered a breach of its vBulletin forum in December 2015, leading to the exposure of over 22 million user records containing usernames, emails, IP addresses, and hashed passwords. Weak hashing allowed many credentials to be cracked.
How many users were affected by the R2Games breach?
More than 22.6 million records were exposed in the R2Games data breach, making it one of the largest breaches in the gaming sector at the time.
What data was leaked in the R2Games.com breach?
The compromised data included usernames, email addresses, IP addresses, and password hashes together with their salts. Password hashing weaknesses meant that many users’ credentials were ultimately exposed in plain text.
When did the R2Games data breach happen?
The breach occurred on December 1, 2015, when attackers infiltrated the site’s vBulletin forum system.
Who was behind the R2Games data breach?
The specific individuals or groups responsible for the R2Games breach were not officially identified. The attack exploited known vulnerabilities in the vBulletin software and poor password hashing practices.
How can I check if I'm in the R2Games data breach?
You can check if your information was part of the R2Games.com breach by utilizing the DeHashed search engine.