The popular online video game The Town of Salem is the latest victim of a cyber-attack that compromised the personal information of more than 7 million users. The Town of Salem is a role-playing game operated by BlankMediaGames with around 8 million users.
BlankMediaGames confirmed that its servers and databases were hacked, resulting in data theft of users’ names, emails, passwords, IP addresses, and Game & Forum Activity. The gaming company said that it never stores credit card, payment information or personal identifying information of the users. BlankMediaGames notifying the users about the data breach via emails and suggesting them to change their passwords to prevent further loss.
“We don’t store any credit card or payment info. At all. All passwords were hashed and not plain text. This means they do not know what your password is unless they run a program to attempt to guess it against the hashed password. Any reasonably strong password will take a very long time to be guessed. Your accounts should all be safe still if they used the same password, but you can change that as well if you are worried,” BlankMediaGames said in a post.
BlankMediaGames stated the breach was discovered by a hacked-database search engine Dehashed on December 28, 2018. Dehashed stated that it has received information about the breach from an anonymous source. It also said that the breach was caused by an entry-level vulnerability known as LFI / RFI.
“On 12/28/2018 we’ve received an email regarding the popular online RP game “Town Of Salem”s breach. The sender, who wishes to be anonymous at this time, provided Dehashed with evidence of server access and provided the complete database for disclosure. We’ve reached out to BlankMediaGames regarding a statement and to provide assistance with securing their servers,” Dehashed stated in a post.
Even after the improved security measures, the data hacks have become common in the online gaming industry. Recently, Humble Bundle, a digital storefront for video games, revealed that it has suffered a data breach in late November that might have compromised the information like customers’ account details and subscription status.
The company stated that hackers exploited a bug used to gather the subscriber information in the company’s server and illegally gained access to its customers’ email addresses and their Humble Bundle subscription details. However, Humble Bundle clarified that no sensitive information such as customer name, billing address, password, and payment information was exposed in the incident.