Browser game developer Town of Salem hit by data breach
BlankMediaGames, developer of the browser-based game Town of Salem, was hit by a data breach in late December. The data of 7.6 million users may have ended up on the street.
The leak was disclosed by DeHashed, a search engine for websites and email addresses that have fallen prey to hackers and malware. DeHashed, in turn, got the information from an anonymous tipster who had managed to access the developer’s entire database through BlankMediaGames’s server. Leaked data includes usernames, email addresses, passwords, IP addresses, game and forum activity, and payment information. Players who purchased certain premium features from Town of Salem have also had their billing data vulnerable, according to DeHashed.
This is the first time that BlankMediaGames has been the victim of a security breach. DeHashed therefore calls it ironic that this is an entry-level vulnerability, known as lfi/rfi or in full: local file inclusion/remote file inclusion. In the meantime, the vulnerability has also been confirmed via the Twitter account of Have I Been Pwned. Developer BlankMediaGames has been notified of the issues, but has not yet made an official response.