Millions of Tower of Salem Gamers Hit by Breach

Over 7.5 million players of online game Tower of Salem have been affected by a data breach at developer BlankMediaGames (BMG) over the Christmas holidays.

Hacked database search engine provider DeHashed explained in a blog post on Tuesday that it was approached by email last week by someone with a full trove of newly breached data.

The incident stemmed from a local file inclusion/remote file inclusion vulnerability, according to the firm.

“The data affected, includes but is not limited to: Usernames, Emails, Passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP Addresses, Game & Forum Activity, & Payment Information,” it explained. “The total row count is: 8,388,894, with 7,633,234 unique email addresses.”

The firm doesn’t store payment/card information but the above info could be used to launch follow-on phishing attempts. MD5 is also theoretically crackable.

Although BlankMediaGames took a few days to respond to the incident, it apologized in an update on Wednesday, blaming the “terrible timing” of the hack.

“The BMG staff is just coming back from Christmas/New Years vacation and we were informed that there may have been a breach of our database. I am currently in contact with Rackspace to figure out what happened and prevent it from happening again,” noted an official statement on the Tower of Salem forum.

“We don’t store any credit card or payment info. At all. All passwords were hashed and not plain text. This means they do not know what your password is unless they run a program to attempt to guess it against the hashed password. Any reasonably strong password will take a very long time to be guessed.”

Users are still advised to change their passwords, especially if they reuse these credentials on other sites such as online banking.

BMG has “removed multiple backdoors on their server” as it looks to remediate the incident, according to DeHashed. The latter also said it had shared the database of breached information with HaveIBeenPwned.
