Town of Salem Data Hack Exposes over 7 Million User Accounts
Over the Christmas break, popular online game Town of Salem came under threat by a data hack compromising players passwords, usernames, IP address and much more
BlankMediaGames, the publisher and developer of indie online game Town of Salem has come under fire from a huge data breach over the holiday period which has affected more than 7.6 million players, with hackers gaining access to personal information, including some aspects of players’ payment details. The data hack includes but is not limited to usernames, emails, passwords, IP addresses, game and forum activity, and payment information – With some of the users who paid for certain premium features having their billing information/data breached as well.
Apparently, more than 8.3 million accounts in total have been compromised and of which 7.6 million accounts had unique email addresses. BlankMediaGames advised all users of Town of Salem to change their passwords as soon as possible, but at the last stage, there was probably very little that could be done. Even so, the creators took to Twitter to tweet a brief message to share with those that could be affected:
I come bearing bad news today. It seems that over the break we experienced a data breach. We are very sorry this happened, and are working with Rackspace to make sure it doesn’t happen again. Thest… https://t.co/9UVwU3cTQU
— Town Of Salem (@townofsalemgame) 2 January 2019
They posted a further statement on the Town of Salem game forums site, discussing the matters further:
The BMG staff is just coming back from Christmas/New years vacation and we were informed that there may have been a breach of our database. I am currently in contact with Rackspace to figure out what happened and prevent it from happening again. You should update your Town of Salem passwords to be safe.
We don’t store any credit card or payment info. At all.
All passwords were hashed and not plain text. This means they do not know what your password is unless they run a program to attempt to guess it against the hashed password. Any reasonably strong password will take a very long time to be guessed.
Your accounts should all be safe still if they used the same password, but you can change that as well if you are worried.
The only important data compromised would be your Username/hashed password, IP and email. Everything else is just game related data.
Sorry that this happened, no game creator ever wants to be in this situation and having it happen over the holiday break when everyone was away was terrible timing.
Update: To clarify, we do not handle money. At all. The third party payment processors are the ones that handle all of that. We never see your credit card, payment information, anything like that. We don’t have access to that information”
After some investigating, BlankMediaGames apparently “found and removed 3 different PHP files from our web server that allowed the hacker to have a backdoor into the server” and believed they had stopped the hackers ability “to continue gathering data but we are in the process of contacting security auditing firms and potentially discussing reinstalling all of our servers from scratch just to be 100% sure.”
If you’re a player in Town of Salem, make sure you do change your password as soon as possible to prevent anything else sinister in the meanwhile as BlankMediaGames continue to make their game as safe as possible.