Another video game has suffered from a data breach. This time, it’s the game called Town of Salem. 7.6 million have been affected.
2019 got off to a rather foreboding start with the 12306 data breach which saw 5 million exposed to hackers. While it was a bad sign that things are getting off to a rocky start, it seems that another breach is proving that January is also going to be a bad month for data leaks and breaches.
Today, another data breach has been identified. This time, it affects those playing the game “Town of Salem”. Hackers apparently gained access to user information. From ZDNet:
A hacker has stolen the personal details of 7.6 million users of browser-based game the “Town of Salem,” BlankMediaGames (BMG) admitted yesterday in a blog post.
The hack came to light after a mysterious person sent a copy of the stolen data to DeHashed, a commercial data breach indexing service.
DeHashed says it spent all the Christmas and New Year holiday trying to contact BMG and alert the game maker of the hack and its still-compromised server.
The hacked servers were finally secured and “multiple backdoors removed” this week. According to an analysis of the stolen user data received by DeHashed, the following information appears to have been exfiltrated from Town of Salem servers:
– Email addresses
– Passwords in the (phpass, MD5(WordPress), MD5(phpBB3)) format
– IP addresses
– Game & forum activity
– Purchased game premium features, but without payment information or credit card details
The good news in all of this is that financial details were not affected. The game maker said that this is not handled on their servers. So, such information is secure for the time being.
At this point, depending on how accounts are configured, the best thing users can do is change their passwords for the game, forums, purchasing account (if different), and maybe even the e-mail address associated with the account for good measure. Additionally, it wouldn’t hurt to scan their machines for malware in the event those backdoors were responsible for dropping things like keyloggers or other forms of malware onto users computers. That’s not to say that it certainly what is happening, but it is a sensible precautionary measure given the details of the breach in the first place.
Really, this breach could have been a whole lot worse. Of course, it would have been better if there was no breach at all. Still, not a good week for BlackMediaGames.