It's only been a couple of months since we last reported on a big game hack that exposed millions of users. Several million people have now been exposed in a Town of Salem breach. This hack has exposed the email addresses, usernames, IP addresses, passwords, and purchase histories of 7.6 million users around the world. The breach may also contain payment card information, but there seems to be some confusion, with some sites reporting that it was included while others don't.


The exposure was first discovered by DeHashed, which has now attempted to reach out to Town of Salem creators BlankMediaGames. So far the studio has been completely silent on the matter despite attempts over several days to communicate with them. It is unclear at this point whether the studio is aware of the problem, or whether they're going to do anything about it. DeHashed has been working with Have I Been Pwned to get the word out about this breach.

Many longtime followers of Town of Salem aren't surprised by this breach of information. They point out that the official site isn't secure and that, rather than using reCAPTCHA to keep their game bot-free, the studio made their own, which only ever asks one question: "Who is on the 1 dollar bill?" For anyone who knows anything about internet security, that is at best a laugh and at worst a nightmare waiting to happen.

Normally in this situation, the advice is to change your password on the impacted account immediately. But without any word from the company that this has been fixed, that would mean the new password would be exposed as well. For now, the advice is to change your password on any account that might have used the same password, and to keep an eye on the account that your card is connected to for any charges that you didn't make.

Update:

After many hours, the developers issued a response on their forums, and only on their forums, saying the following:

Hey everyone,

The BMG staff is just coming back from Christmas/New Year's vacation and we were informed that there may have been a breach of our database. I am currently in contact with Rackspace to figure out what happened and prevent it from happening again. You should update your Town of Salem passwords to be safe.

Important Notes:

- We don't store any credit card or payment info
- All passwords were hashed and not plain text, so your emails should all be safe still if they used the same password, but you can change that as well if you are worried.

The only important data compromised would be your Username/hashed password, IP and email. Everything else is just game related data.

Sorry that this happened, no game creator ever wants to be in this situation and having it happen over the holiday break when everyone was away was terrible timing.

Source: DeHashed, Have I Been Pwned, Town of Salem Official Forums