A massive data breach has reportedly occurred of the popular online social RP game Town of Salem. The game, which provides a service enabling users to play a version of the popular secret role game Mafia or Werewolf, touts a userbase of almost 8 million players. It seems that the hack accessed a variety of user data, including usernames, emails, passwords, and even a limited amount of billing and payment information.
Town of Salem's hack is being reported by DeHashed, a hacked-database search engine claiming to be in service of security efforts. Someone associated with the hack of Town of Salem is said to have reached out to Dehashed with information regarding the hack, including providing evidence of breached server access and the entire database of hacked information.
The extent of the breach is said to be extreme, with 7,633,234 unique email addresses cataloged in the hacked database. The information reportedly included in the hack is as listed:
- IP Addresses
- Game and Forum Activity
- Payment Information
- Billing Information of Certain Premium Users
As evidence towards the veracity of their report on the hack, DeHashed provided a sorted list of the "Top 50 Email Providers" found within the hacked database. This information would allow for Town of Salem developer BlankMediaGames to verify the hack. BlankMediaGames has since confirmed the breach, though it disagrees with DeHashed on certain details. The two are apparently now in contact.
Hey Townies,— Town Of Salem (@townofsalemgame) January 2, 2019
I come bearing bad news today. It seems that over the break we experienced a data breach. We are very sorry this happened, and are working with Rackspace to make sure it doesn't happen again. Thest... https://t.co/9UVwU3cTQU
Wednesday morning BlankMediaGames confirmed that its servers and databases had been breached. The BlankMediaGames team was unfortunately on a holiday break over Christmas and New Years, preventing them from being made aware of the December 28 breach and the follow-up contact from DeHashed.
According to BlankMediaGames, the breach did have broad access to user data but maintains certain security measures prevented a worst-case scenario. For one, BlankMediaGames says that all passwords in the database were hashed and not plain text. Second, BlankMediaGames claims that it does not store credit card or payment information.
For the time being, BlankMediaGames is looking into the breach to ensure that its servers are secure and to make sure a similar breach doesn't happen again in the future. It recommends that Town of Salem users update their passwords "to be safe."
Major database hacks are not uncommon in online gaming, though security measures have improved in recent years. Sony's PlayStation Network was hacked in 2011 affecting over 75 million users, Steam was similarly hacked in 2011 affecting as many as 35 million users, and several more major companies in several different countries have faced similar issues. The BlankMediaGames hack is certainly the largest breach in recent memory, though. Changing passwords should likely feel routine for most online game players anymore, though that likely won't make Town of Salem players feel any better at this point.
Town of Salem is available now on PC.