Data breach in “Town of Salem” videogame affects over 7 million users

The game developers have only commented on the incident in a small online forum

Cybersecurity and ethical hacking specialists from the International Institute of Cyber Security reported that “Town of Salem”, a browser-based videogame, was the victim of a data breach in which perpetrators stole personal information of nearly 7.5 million users. BlankMediaGames, developer of the videogame, unveiled the incident through a post on its blog.

The incident was discovered after an anonymous user sent a copy of the stolen information to the DeHashed platform, a commercial data breach indexing service.

DeHashed admins claim that they tried to contact BlankMediaGames for over a week to alert them on the situation, warning that their servers could still remain compromised.

According to experts in cybersecurity, the compromised servers were finally secured during the first days of the year, in addition to the administrators eliminating some backdoors. According to the analysis performed by the DeHashed platform, among the “Town of Salem” user data we can find:

  • Usernames
  • Email Address
  • Passwords
  • IP addresses associated with the user
  • Activity in the videogame and in the forum
  • Videogame purchases (not including payment card information)

Regarding the leaked data, one of BlankMediaGames developers commented: “We want to point out that we do not handle money. A third-party payment processor takes care of that. BlankMediaGames has never seen a single credit card, payment information, etc. We don’t have access to such data”.

DeHashed, a platform similar to the well-known Have I Been Pwned, is also working together with other members of the cybersecurity community. For example, registered users in Have I Been Pwned have received updates on this incident made by DeHashed.

So far, BlankMediaGames has not directly notified users affected by data breach, limiting itself to making a publication in the online game forum. In this post, the company recommends that gamers change the passwords of their accounts; still, some users consider that the company could do better to inform users about the status of their data.