The game developers have only commented on the incident in a small online forum
Cybersecurity and ethical hacking specialists
from the International Institute of Cyber Security reported that “Town of Salem”, a browser-based
videogame, was the victim of a data breach in which perpetrators stole personal information of nearly 7.5 million
users. BlankMediaGames, developer of
the videogame, unveiled the incident through a post on its blog.
The incident was discovered after an anonymous
user sent a copy of the stolen information to the DeHashed platform, a
commercial data breach indexing service.
DeHashed admins claim that they tried to
contact BlankMediaGames for over a week to alert them on the situation, warning
that their servers could still remain compromised.
According to experts in cybersecurity, the compromised servers were finally secured during the first days of
the year, in addition to the administrators eliminating some backdoors.
According to the analysis performed by the DeHashed platform, among the “Town
of Salem” user data we can find:
- Usernames
- Email
Address - Passwords
- IP
addresses associated with the user - Activity
in the videogame and in the forum - Videogame
purchases (not including payment card information)
Regarding the leaked data, one of
BlankMediaGames developers commented: “We want to point out that we do not
handle money. A third-party payment processor takes care of that.
BlankMediaGames has never seen a single credit card, payment information, etc.
We don’t have access to such data”.
DeHashed, a platform similar to the well-known Have I Been Pwned, is also working
together with other members of the cybersecurity community. For example,
registered users in Have I Been Pwned have received updates on this incident
made by DeHashed.
So far, BlankMediaGames has not directly notified
users affected by data breach, limiting itself to making a publication in the
online game forum. In this post, the company recommends that gamers change the
passwords of their accounts; still, some users consider that the company could
do better to inform users about the status of their data.
