BlankMediaGames, the developers of online RPG Town of Salem, has allegedly suffered a massive data breach following unauthorized server access. The Town of Salem data breach appears to have affected more than 7.6 million players, with hackers gaining access to personal information, including players’ payment details.
Originally reported by DeHashed, evidence of server access surfaced on the 28th December 2018, showing that hackers had accessed BlankMediaGames’ full database of player information. This includes usernames, emails, passwords, IP addresses, game & forum activity, and payment information. The Town of Salem data breach appears to have affected more than 8.3 million accounts in total, of which 7.6 million accounts had unique email addresses.
DeHashed also stated that this appears to be the first breach of any kind suffered by BlankMediaGames. The Town of Salem data breach was reportedly caused by an LFI (Local File Inclusion) or RFI (Remote File Inclusion), in which hackers exploit a vulnerability in the host’s PHP web server.
BlankMediaGames have not yet made any statements on this matter, and likewise have reportedly not responded to the contact attempts made by DeHashed since the breach. DeHashed has reached out to the affected players, and advise that anyone affected should alter their passwords as soon as possible.
Data is becoming a much larger issue for developers; just last month, Bethesda Game Studios came under fire for a bug that leaked player information from support tickets, including the ability to gain control over the ticket. Similarly, the developer of an online furry porn game suffered a data breach that affected over 400,000 players last November, after it was initially reported by the breach response website HaveIBeenPwned similar to DeHashed.
Since the Town of Salem data breach, DeHashed has shared the leaked data with Troy Hunt of HaveIBeenPwned, and is working with other security researchers to minimize the damage to players from this attack.