Town of Salem Data Breach

  • By David Lukic
  • Nov 02, 2021

Online gaming company BlankMediaGames (BMG) suffered a major data breach in January of 2019 when a small hacker group copied their database and stole credentials for 7.6 million users of the game called Town of Salem exe.

An anonymous email was sent to the security research firm called “DeHashed” in which the sender revealed the data breach and confirmed it with a copy of the entire player database totaling 7,633,234 users.

The data breach exposed players’ names, email addresses, usernames, IP addresses, passwords, game and forum activities, credentials for WordPress, and the database from which it was stolen. Although players can pay for premium services, BMG does not handle payment details; those are sent through to their payment processor who was not hacked, so no payment details were exposed in this data breach.

The passwords stolen were hashed, but hackers were able to decrypt them easily. In a Reddit forum post, one user claiming to the part of the group who breached the game said that hacking the database “was a lot simpler than everyone thinks it is.” The cybercriminal explains that it was an easy job to decrypt the passwords due to storing files in the notoriously insecure phpBB.

He or she goes on to boast,

“These credentials have been excellent for trying against many games, and we’ve made tens of thousands from checking these combos and selling copies of the database. The disclosure was too late, we’ve already made swift use of the credentials. We don’t care about your Town of Salem accounts; those are of no value whatsoever to us, we care about other sites.”


Town of Salem Hack

Basically, the author goes on to describe the entire affair and blames the company for reusing passwords, which made it easy for them to access the database of users. They also make some suggestions on how to improve their security and even mention an alternate platform BMG should use.

A year after this breach, independent researchers ran a script to test how many of the leaked accounts were still using the same passwords, and shockingly more than 961,000 accounts were still using the old, breached passwords. The game owners never reset the accounts or forced a change until they were notified of this research and fixed it in October 2020. Other than a vague blog post, BMG never officially notified users of the breach of their accounts.

When Was the Town of Salem Data Breach?

Initially, the data breach of the Town of Salem game was assumed to have occurred on January 1, 2019. On January 16, 2019, the anonymous hacker posted a very long detailed account on Reddit of the process, why they did it, and how. They even provided explicit details with samples of the stolen data that moderators removed for privacy reasons. He also corrected the timing and said the hack actually took place on December 13, 2018. He also mentions three other accomplices making them a four-person hacking group.

How to Check if Your Data Was Breached

Although BlankMediaGames did not notify users of the breach except in a short blog post on their forum, they finally reset all passwords in October 2020 and forced all users who had not yet reset them to change their password immediately. You can use third-party resources to check to see if your Town of Salem credentials shows up on the dark web. Since more than 7.6 million were stolen, chances are you were included in the mix.

Town of Salem Data Breach

What to Do If Your Data Was Breached

If your account was among the many breached, immediately change your password if, for some reason, the game hasn’t forced you to already. If you reused that password anywhere else on any other web service, change it immediately. The hacker who posted on Reddit mentioned that this breach would never have happened if people didn’t reuse the same passwords and that their goal was to reuse these credentials on other websites for financial gain. 

Are There any Lawsuits Because of the Data Breach?

No lawsuits or legal issues have been posted yet regarding this data breach.

Can My Town of Salem Hack Information Be Used for Identity Theft?

Yes. All hackers need is your name, email address, and one password on any account you use to wage a war of identity theft on you. With so many data breaches occurring all the time, the dark web is a treasure trove of information, and they can link a few bits of information about you to an entire profile. Once they have some information, they could potentially access your other accounts (even bank and credit card accounts), send you phishing emails, or perpetrate fraud by sending you spam calls. You can never be too careful, and even a tiny bit of information can lead to identity theft or worse.

BlankMediaGames Data Breach

What Can You Do to Protect Yourself Online?

You can’t play online games without having an account, so how do you keep your stuff safe?

The first rule of thumb that we learned from this singular breach is never to reuse passwords. Some other tips are:

  • Change your password on all accounts often and create really long, strong passwords using a combination of letters, symbols, and numbers. Vary the case with letters also to make them even harder to decrypt. 
  • Always sign up for 2-factor authentication when available. This helps to keep your account safe and prevents hackers from gaining access without your mobile device.
  • Never click a link in an email.
  • Install good antivirus/anti-malware software on all your devices and run deep scans often. This is especially important for gamers.
  • Only use one dedicated credit card for online purchases to minimize your risk.
  • Keep a close eye on your credit reports, bank statements, and credit card charges.
  • Keep an eye out for suspicious emails and phone calls. If you did not initiate the action, hang up, or delete the email. Most fraud and scams are perpetrated through email and phone calls. 

Always use common sense and never share your credentials with anyone or give out personal information unless you initiated the contact.

About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

Family Dollar & Dollar Tree Bleed Consumer Data Following Cyberattack

In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer's dream; they offer low-priced goods for families in 8,200 locations nationwide.

Weekly Cybersecurity Recap December 1

Weekly Cybersecurity Recap December 1

This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International.

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment Breach Update, Millions of Gambler Records Compromised

Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address