spacetimestudios.com
Apr 1, 2021
In April 2021, US-based game development studio Spacetime Studios suffered a data breach affecting approximately 7.8 million user accounts. The breach was carried out by threat actor @donjuji using a multi-stage attack chain involving Local File Inclusion, Log Poisoning for Remote Code Execution, AWS credential theft via SSRF, and multiple pivots through the internal network exploiting a vulnerable Atlassian instance. Exposed data includes email addresses, first and last names, bcrypt-hashed passwords (cost factor 6), account IDs, registration timestamps, and deletion status.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
SpacetimeStudios__Info.txt8 columns8 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | account_id is an internal UUID identifier |
| 1 | high | column named 'email', values contain @ symbol and valid email domains | |
| 2 | firstName | high | column named 'first_name', values are personal given names |
| 3 | lastName | high | column named 'last_name', values are personal family names |
| 4 | skip | high | deleted is a boolean flag, non-PII account status indicator |
| 5 | skip | high | registration_time is a timestamp, not date of birth |
| 6 | skip | high | verification_time is a timestamp, not date of birth |
| 7 | password | high | column named 'password', values are bcrypt hashes ($2a$06$ format with cost factor 6 as documented in breach) |
Notes: SQL dump from Spacetime Studios breach (April 2021). Table: registered_account. Contains 7.8M user records with bcrypt-hashed passwords. No DOB, SSN, phone, address, or other PII fields present in this table structure.
SpacetimeStudios__data__spacetimestudios_bcrypt_8m__registered_account.csv8 columns7,793,116 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | skip | high | [0] header 'account_id', values are UUIDs — internal account identifiers, not usernames |
| 1 | high | [1] header 'email', values are email addresses with @ symbols | |
| 2 | firstName | high | [2] header 'first_name', values are common given names (mon, sam, benny, etc.) |
| 3 | lastName | high | [3] header 'last_name', values are surnames (mon, estassi, bu, paclik, etc.) |
| 4 | skip | high | [4] header 'deleted', boolean flag (f/t) indicating deletion status — internal flag, not PII |
| 5 | skip | high | [5] header 'registration_time', ISO 8601 timestamps — metadata, not PII |
| 6 | skip | high | [6] header 'verification_time', ISO 8601 timestamps (mostly empty) — metadata, not PII |
| 7 | password | high | [7] header 'password', values are bcrypt hashes ($2a$06$...) as noted in breach context — password hashes are still passwords |
Notes: Spacetime Studios breach — 8 columns total, 3 contain PII (email, first_name, last_name), plus 1 password hash column. Columns 0, 4, 5, 6 are internal metadata/flags. All PII fields are mapped.