Town of Salem Data Breach

  • By David Lukic
  • Nov 02, 2021

Online gaming company BlankMediaGames (BMG) suffered a major data breach in January of 2019 when a small hacker group copied their database and stole credentials for 7.6 million users of the game called Town of Salem exe.

An anonymous email was sent to the security research firm called “DeHashed” in which the sender revealed the data breach and confirmed it with a copy of the entire player database totaling 7,633,234 users.

The data breach exposed players’ names, email addresses, usernames, IP addresses, passwords, game and forum activities, credentials for WordPress, and the database from which it was stolen. Although players can pay for premium services, BMG does not handle payment details; those are sent through to their payment processor who was not hacked, so no payment details were exposed in this data breach.

The passwords stolen were hashed, but hackers were able to decrypt them easily. In a Reddit forum post, one user claiming to the part of the group who breached the game said that hacking the database “was a lot simpler than everyone thinks it is.” The cybercriminal explains that it was an easy job to decrypt the passwords due to storing files in the notoriously insecure phpBB.

He or she goes on to boast,

“These credentials have been excellent for trying against many games, and we’ve made tens of thousands from checking these combos and selling copies of the database. The disclosure was too late, we’ve already made swift use of the credentials. We don’t care about your Town of Salem accounts; those are of no value whatsoever to us, we care about other sites.”

Town of Salem Hack

Basically, the author goes on to describe the entire affair and blames the company for reusing passwords, which made it easy for them to access the database of users. They also make some suggestions on how to improve their security and even mention an alternate platform BMG should use.

A year after this breach, independent researchers ran a script to test how many of the leaked accounts were still using the same passwords, and shockingly more than 961,000 accounts were still using the old, breached passwords. The game owners never reset the accounts or forced a change until they were notified of this research and fixed it in October 2020. Other than a vague blog post, BMG never officially notified users of the breach of their accounts.

When Was the Town of Salem Data Breach?

Initially, the data breach of the Town of Salem game was assumed to have occurred on January 1, 2019. On January 16, 2019, the anonymous hacker posted a very long detailed account on Reddit of the process, why they did it, and how. They even provided explicit details with samples of the stolen data that moderators removed for privacy reasons. He also corrected the timing and said the hack actually took place on December 13, 2018. He also mentions three other accomplices making them a four-person hacking group.

How to Check if Your Data Was Breached

Although BlankMediaGames did not notify users of the breach except in a short blog post on their forum, they finally reset all passwords in October 2020 and forced all users who had not yet reset them to change their password immediately. You can use third-party resources to check to see if your Town of Salem credentials shows up on the dark web. Since more than 7.6 million were stolen, chances are you were included in the mix.

Town of Salem Data Breach

What to Do If Your Data Was Breached

If your account was among the many breached, immediately change your password if, for some reason, the game hasn’t forced you to already. If you reused that password anywhere else on any other web service, change it immediately. The hacker who posted on Reddit mentioned that this breach would never have happened if people didn’t reuse the same passwords and that their goal was to reuse these credentials on other websites for financial gain. 

Are There any Lawsuits Because of the Data Breach?

No lawsuits or legal issues have been posted yet regarding this data breach.

Can My Town of Salem Hack Information Be Used for Identity Theft?

Yes. All hackers need is your name, email address, and one password on any account you use to wage a war of identity theft on you. With so many data breaches occurring all the time, the dark web is a treasure trove of information, and they can link a few bits of information about you to an entire profile. Once they have some information, they could potentially access your other accounts (even bank and credit card accounts), send you phishing emails, or perpetrate fraud by sending you spam calls. You can never be too careful, and even a tiny bit of information can lead to identity theft or worse.

BlankMediaGames Data Breach

What Can You Do to Protect Yourself Online?

You can’t play online games without having an account, so how do you keep your stuff safe?

The first rule of thumb that we learned from this singular breach is never to reuse passwords. Some other tips are:

  • Change your password on all accounts often and create really long, strong passwords using a combination of letters, symbols, and numbers. Vary the case with letters also to make them even harder to decrypt. 
  • Always sign up for 2-factor authentication when available. This helps to keep your account safe and prevents hackers from gaining access without your mobile device.
  • Never click a link in an email.
  • Install good antivirus/anti-malware software on all your devices and run deep scans often. This is especially important for gamers.
  • Only use one dedicated credit card for online purchases to minimize your risk.
  • Keep a close eye on your credit reports, bank statements, and credit card charges.
  • Keep an eye out for suspicious emails and phone calls. If you did not initiate the action, hang up, or delete the email. Most fraud and scams are perpetrated through email and phone calls. 

Always use common sense and never share your credentials with anyone or give out personal information unless you initiated the contact.

About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in t ... Read More

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. Wha ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

Latest Articles

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world.

Weekly Cybersecurity Recap January 27

Weekly Cybersecurity Recap January 27

This week, our lineup is pretty hard-hitting. Some of the biggest names in, well, everything, have been hacked, with a combined victim total of well into the millions.

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close