On 28th of December, BlankMediaGames, developer of online role-playing browser-based game Town of Salem was hacked that resulted in a massive data breach. Over 7 million user data, including but not limited to emails, passwords and IP addresses were leaked and compromised.
1:31 pm IST: One of the game’s developers posted about the situation on Town of Salem’s official forums –
“Hey everyone,
The BMG staff is just coming back from Christmas/New years vacation and we were informed that there may have been a breach of our database. I am currently in contact with Rackspace to figure out what happened and prevent it from happening again. You should update your Town of Salem passwords to be safe.
Important Notes:
We don’t store any credit card or payment info. At all.
All passwords were hashed and not plain text. This means they do not know what your password is unless they run a program to attempt to guess it against the hashed password. Any reasonably strong password will take a very long time to be guessed.
Your accounts should all be safe still if they used the same password, but you can change that as well if you are worried.
The only important data compromised would be your Username/hashed password, IP and email. Everything else is just game related data.
Sorry that this happened, no game creator ever wants to be in this situation and having it happen over the holiday break when everyone was away was terrible timing.
Update: To clarify, we do not handle money. At all. The third party payment processors are the ones that handle all of that. We never see your credit card, payment information, anything like that. We don’t have access to that information.”
All the players are strictly advised to change their passwords and unauthorise their payment methods as soon as possible.
On the same day, Data-Mining and Hacked Database Search Engine DeHashed received an email from a sender who wishes to remain anonymous that included the evidence of server access and complete database for disclosure. The team at DeHashed has reached out to BlankMediaGames and the company is yet to respond.
“This is the first time the company has ever seen any kind of breach”, DeHashed claims. “…it was caused by an entree-level vulnerability known as “LFI” / “RFI”.
The data breach has compromised over 7,633,234 unique users’ usernames, email addresses, passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP addresses, game and forum activities and payment information.
Top 50 Email Providers – BlankMediaGames
count | |
---|---|
gmail.com | 4530276 |
hotmail.com | 928706 |
yahoo.com | 662824 |
outlook.com | 158033 |
icloud.com | 93557 |
aol.com | 77929 |
live.com | 75164 |
hotmail.co.uk | 63992 |
comcast.net | 26435 |
web.de | 24999 |
ymail.com | 23881 |
mail.ru | 23851 |
google.ca | 20984 |
seznam.cz | 17693 |
wp.pl | 16875 |
gmx.de | 16500 |
msn.com | 15472 |
googlemail.com | 14818 |
live.co.uk | 14800 |
me.com | 14614 |
yahoo.co.uk | 14601 |
abv.bg | 14538 |
hotmail.fr | 14040 |
rocketmail.com | 13263 |
mail.com | 13036 |
hotmail.ca | 11457 |
live.nl | 11094 |
yahoo.ca | 10702 |
live.ca | 9986 |
o2.pl | 9260 |
hotmail.de | 8992 |
windowslive.com | 8910 |
att.net | 8899 |
live.se | 8551 |
sbcglobal.net | 8436 |
yopmail.com | 7938 |
hotmail.it | 7243 |
verizon.net | 7121 |
yahoo.de | 6994 |
aim.com | 6855 |
trbvm.com | 6831 |
yandex.ru | 6785 |
hotmail.se | 6595 |
mvrht.net | 6200 |
live.dk | 5959 |
cox.net | 5741 |
btinternet.com | 5480 |
live.com.au | 5454 |
hotmail.es | 5322 |
yandex.com | 5259 |
“Local File Execution (LFI) and Remote File Execution (RFI) are similar to the nefarious Cross Site Scripting (XSS) attacks. All of them are forms of code injection attack, with the former two being less sophisticated and therefore easily preventable. Although not taken seriously by the security community, LFI and RFI attacks constitute 21 % of all observed web application attacks.” – GetAstra
DeHashed has provided the data to Troy Hunt of HaveIBeenPwned and has teamed up with multiple security researchers in attempts to minimise the damage done by this breach.
We’ve contacted both DeHashed and BlankMediaGames to comment on the situation and update us as frequently as possible. Stay with us to get informed on the story further.
Make sure you subscribe to our push-notifications and never miss an update on the entire situation. Until next time, Happy Gaming!