NationStates is a mulitplayer in-browser government simulation game. In late January the developers received a report from a player who claimed to have found a vulnerability, but also accessed user data in the process. The player has a history of reporting vulnerabilities like these and promises that any user data downloaded was deleted, but out of caution the devs are treating this like a breach. The exposed data included email address (including past email addresses), IP address, browser UserAgent strings, passwords stored in MD5, and DMs.
This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/02/06/data-breach-roundup-jan-30-feb-5-2026