Gamigo, Parapa Mail and others fall victim of data leaks.
28 March 2021BREACHAWARE HQ
A total of 25 breach events
were found and analysed resulting in 29,612,629 exposed accounts
containing a total of 6 different data types of personal datum
. The breaches found publicly and freely available included Gamigo, Parapa Mail, Fantase Game, Cheat Portal and Nihonomaru. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socia-Demographic Data.
Data Breach Analysis
These breaches, which were publicly and freely accessible, affected platforms across gaming, entertainment, and niche online communities. Among the more recognisable names impacted were Gamigo, Parapa Mail, Fantase Game, Cheat Portal, and Nihonomaru, each reflecting a different facet of online user activity.Gamigo stands out as one of the most prominent breaches in this dataset. Known as a publisher and operator of multiplayer online games, Gamigo has serviced millions of users across titles such as Fiesta Online, Last Chaos, and other MMORPGs. The breach involving Gamigo is particularly notable because of the demographic overlap it shares with other entertainment and communication services: long-time users who maintain persistent online profiles.
Though passwords were hashed, the age of the breach and the technology used at the time raise concerns about the viability of cracking these credentials using brute-force methods. More importantly, the pattern of reused passwords across different services means that a compromise on a gaming platform, even one that seems low-stakes, can quickly extend to personal email accounts or other more sensitive digital environments. Gamers also frequently store payment data or make in-game purchases, which, although not always compromised directly, may expose them to fraud through account takeovers or phishing lures mimicking customer support.
Parapa Mail, believed to be tied to communication services associated with the online dance game "Para Pa: The Rapper", reflects a niche but dedicated community. It likely functioned either as an in-game communication tool or an external messaging system linked to the platform. The implications here speak to the erosion of privacy in online social communities. Users in these environments often maintain overlapping friendships and may share sensitive or personal information over platforms they assume to be semi-private. The likelihood of impersonation or unwanted contact is particularly relevant in fan-driven communities where interaction spans forums, game servers, and direct messaging platforms.
Fantase Game and Cheat Portal fall into the broader category of gaming-adjacent platforms, but with subtly different user behaviours. Fantase Game may relate to fantasy sports or virtual role-playing, both of which typically involve creating user avatars, maintaining scores or stats, and in some cases, social interaction with other participants. Breaches involving these platforms can expose details that, while not inherently sensitive, may tie together online identities across gaming ecosystems. Cheat Portal, on the other hand, likely catered to users seeking gaming advantages, workarounds, or exploit information. The exposure of users on such platforms carries reputational risk, especially among younger or competitive gamers. Being associated with cheating, even tangentially, may impact one's participation in competitive gaming circles, or worse, become a vector for blackmail or extortion in extreme cases.
Nihonomaru adds an international dimension to the breach landscape, particularly within the context of anime and Japanese media fandoms. The platform, long known for its deep forums, media-sharing features, and subtitled video content, built a loyal user base around hard to find or niche interest material. A breach involving such a platform potentially exposes more than just basic login data, it implicates entire user histories, from forum discussions to bookmarked content. This not only affects users’ privacy but also creates a broader conversation around data stewardship in culturally-specific or regionally popular communities. For non-Western platforms or those serving cross-language audiences, the challenges of data protection are compounded by jurisdictional complexities and the relative absence of global regulatory enforcement.
The cumulative volume of accounts, over 29 million, across these 25 breach events may seem moderate in comparison to some headline making breaches involving hundreds of millions of users. But the real impact lies in the nature of the communities affected and the diversity of exposed data types.
The breadth of data types opens up multiple threat vectors. While direct financial harm may not be the immediate risk for many users in this dataset, the long-tail effects are significant. For example, with just an email address and associated usernames, attackers can launch credential stuffing attacks on other platforms. If additional details such as date of birth or location are present, identity theft or social engineering attempts become easier to execute. Furthermore, data obtained from entertainment or gaming platforms can be combined with breached datasets from unrelated sectors to build more detailed user profiles.
The psychological dimension of breaches in these communities is also worth noting. For users who frequent forums like Nihonomaru or engage with niche content on Fantase Game or Cheat Portal, the community itself is a space of identity, exploration, and often escapism. A breach feels more than just transactional—it can be personal. The exposure of usernames tied to fandom interests, particularly those involving adult or fringe content, risks de-anonymisation and public shaming. These are not always adequately addressed in mainstream cybersecurity discourse, but they are very real consequences for the affected users.
The broader issue this cluster of breaches raises is the life span of user data. Many of the platforms involved may be outdated, defunct, or operating at reduced capacity. Yet, the data remains persistent, waiting to be rediscovered and redistributed. This highlights a growing tension between users’ digital footprints and the lack of expiration mechanisms in online account ecosystems. Unlike physical communities, digital ones rarely disappear. Their infrastructure may decay, but the traces of their users remain accessible, sometimes permanently.
This leaves a trail not just for attackers but for researchers, marketers, and other interested third parties who may use these datasets for purposes ranging from benign to highly intrusive. The implications are not limited to the platforms breached but extend into every other system where a user’s digital identity overlaps.
Ultimately, the analysis of these 25 breaches underscores the fragile nature of online identity. From gamer tags and anime forum handles to cheat site memberships, these identities are more than disposable. For many, they are tied to communities, creative output, or long-standing digital histories. When these are exposed, the result is not just an inconvenience, but a disruption of digital continuity, one that erodes trust and leaves users scrambling to clean up the fallout from platforms they may not have interacted with in years.