Earth 2 Faces Major Security Breach Affecting Over 420,000 User Accounts

Published
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor

A significant data breach occurred within the Earth 2 platform, affecting 420,961 accounts. The compromised data primarily involved email addresses and usernames linked to the Virtual Earth game. 

The breach occurred on October 16 and was added to the breach notification service Have I Been Pwned (HIBP) database on November 7, 2024, providing an opportunity for users to check their exposure.

Earth 2's breach stemmed from Gravatar, which presents links to avatars as MD5 hashes in consuming services, and the company has taken immediate action, disabling the feature that allowed this exposure.

While the breach exposed player usernames and email addresses, it is essential to note that no sensitive personal information, such as passwords or financial data, was affected.

Beyond the security breach, Earth 2 is grappling with a series of operational issues that have raised concerns within its community. 

Introducing a new cryptocurrency withdrawal system has been met with poor reception, exacerbated by a restrictive daily limit of £5,000 for all users. This limitation is causing significant delays for users attempting to cash out their earnings, leading to frustration and loss of trust.

Furthermore, removing the land income tax feature has eliminated a primary profit source for many users without any clear explanation, fueling further dissatisfaction.

Compounding these issues is a lack of transparency and communication from the Earth 2 team. Recent actions, such as dismissing a respected moderator from their Discord server and alleged non-payment to developers, have amplified user discontent. 

Additionally, a recent change in the authentication system resulted in a security lapse, allowing unauthorized access to user accounts.

Despite these serious challenges, Earth 2 has continued to introduce superficial updates, such as new skins and features, which have done little to address the underlying problems.

In other news, Massachusetts-based non-profit organization Mystic Valley Elder Services (MVES) suffered a significant data breach affecting approximately 87,000 people, exposing credentials, personal identification details, and financial, legal, and health data.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: