[Update] BlankMediaGames' CEO has released an updated forum post on the situation:
"We have found and removed 3 different php files from our webserver that allowed the hacker to have a backdoor into the server. Rackspace is also running a malware check on all of our servers. We believe we have stopped their ability to continue gathering data but we are in the process of contacting security auditing firms and potentially discussing reinstalling all of our servers from scratch just to be 100% sure."
He also reiterates that the company is sending out emails to the nearly 8 million users who were affected, though this is a time-consuming process. Despite the problem possibly being handled, make sure that you have changed your password if you have a Town of Salem account.
[Original Story] If you've played Town of Salem at some point in the game's lifespan, chances are you've just had your account data breached.
This comes after many users received an email from haveibeenpwned.com, a website that notifies you of data breaches. The email says over 7.5 million accounts were compromised, including "browser user agent details, email addresses, IP addresses, Passwords, Purchases, Usernames, [and] Website Activity."
Town of Salem is a game where players have various roles in town and can perform an action each night. There are teams like the Mafia that can kill other villagers, take over identities of killed-off players, and more. The ultimate goal for several factions in the game is to be the last ones standing. Players can also deliberate and vote to hang someone each day. If you're familiar with the old Mafia/Werewolf forum games (a product of a bygone era), then this is it in video game form.
DeHashed, another website that lets users know if their data has been breached, says that some individuals who paid for premium purchases in Town of Salem had their billing information compromised as well.
Interestingly, DeHashed has contacted Town of Salem developers BlankMediaGames multiple times since the breach, which occurred on December 28, 2018. DeHashed has offered assistance in removing the supposed malware infecting BlankMedia's servers.
The developers were on break and have just come back, according to an official forum post, which is possibly why they are responding just now. The official statement said:
"The BMG staff is just coming back from Christmas/New Year's vacation and we were informed that there may have been a breach of our database. I am currently in contact with Rackspace to figure out what happened and prevent it from happening again. You should update your Town of Salem passwords to be safe."
Contradicting DeHashed's report, BlankMediaGames says they do not store card or payment info. They said: "The only important data compromised would be your Username/hashed password, IP and email. Everything else is just game related data."
Passwords are hashed, which means they are converted into a string of numbers and letters. The hash still corresponds to your password, and if the password is simple enough it can be deciphered, but for the most part it looks like a bunch of nonsense to the naked eye.
Still, it would be very wise to change your password and make sure you don't have any payment info stored on BlankMediaGames' site. You can change your password through the game's forums. Go to the "User Control Panel" at the top left of the forums and click the "Profile" tab. Then go to "Edit account settings" and change your password. You can also reset your password by going to this link.