On December 28th, an anonymous source gave the security firm DeHashed a leak providing evidence that a breach of the servers of the online game ‘Town of Salem’ had occurred. The developer, BlankMediaGames (BMG), later officially confirmed on the game forum that the breach did indeed occur. This data breach affects 7.6 million players and includes private information such as email addresses, usernames, IP addresses, player activity, passwords (hashed with a mix of phpass and MD5), and payment information.
According to a staff member from BMG, credit card information was not exposed. According to a user in this Reddit thread, about 2 million passwords are already potentially exposed because the password hashes used are very weak. BMG has stated that the servers have been patched and the threat mitigated, but they are currently dealing with the public aftermath of the breach.
Users are wondering why it took so long for BMG to make a statement, or even to respond to DeHashed, after DeHashed contacted them five times with clarifying details on the breach.
Users are strongly advised to change their account passwords, along with the passwords of any other accounts where they used the same password. BMG sent an email describing some of the details of the breach, as shown below:
If anyone forgets their game password, they can either contact BMG support or check out https://haveibeenpwned.com/ to find the password associated with their account.