skip to Main Content

Town of Salem Breach Affects 7 Million Accounts

As a notable predecessor of the wildly popular Among Us video game, The Town of Salem is a popular online role-playing game where players take on different roles in a fictional town and try to find out who among them is lying. It is operated by BlankMediaGames, also known as BGM. However, in late December 2018, the game suffered a massive data breach that exposed the personal information of more than 7 million users.

The breach was discovered by the cybersecurity researcher Dehashed on December 28, 2018, when he received an anonymous email that indicated someone had gained unauthorized access to the game’s database. Dehashed reported the stolen data includes usernames, emails, passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP addresses, game and forum activity, and some payment information for those members who have paid for the games premium services.

The company posted a response saying it is investigating the problem and put out a patch to block access. Players were advised to change their passwords as soon as possible. In addition, it was clarified that The Town of Salem game devs did not handle any credit card or payment information directly; they used third-party payment processors for that purpose:

“We don’t store any credit card or payment info. At all. All passwords were hashed and not plain text. This means they do not know what your password is unless they run a program to attempt to guess it against the hashed password. Any reasonably strong password will take a very long time to be guessed,” BlankGamingMedia wrote, adding most of the user data it stores is game related.

 

What Caused the Town of Salem Data Breach?

Dehashed believes access was gained using an LFI/RFI attack, which is similar to a cross-site scripting attack.

 

What Are Some Common Causes of Data Breaches on Websites?

Data breaches are incidents where sensitive or confidential information is accessed or disclosed without authorization. Data breaches have serious consequences for both individuals and organizations, such as identity theft, financial losses, reputational damage, legal liabilities, and regulatory fines.

There are many possible causes of data breaches on websites, but some of the most common ones are as follows:

Stolen or weak credentials:

The vast majority of data breaches are caused by stolen or weak If malicious criminals have your username and password combination, they have an open door into your network. Credentials can be stolen through phishing, malware, social engineering, brute force attacks, or data leaks.

Application vulnerabilities:

Websites often rely on various applications and software to run smoothly and However, these applications may have flaws or bugs that can be exploited by hackers to gain access to your data. For example, back doors, SQL injections, cross-site scripting (XSS), and broken authentication are some common types of application vulnerabilities.

Malware:

Malware is a general term for any malicious program that can harm your device or Malware can infect your website through various vectors, such as email attachments, downloads, compromised plugins, or third-party services. Malware can perform various actions on your website, such as encrypting your data for ransom, stealing your information, redirecting your traffic, or defacing your pages.

Social engineering:

Social engineering is a technique where hackers manipulate or deceive people into divulging sensitive information or performing certain actions. Phishing emails, for example, often use urgent and persuasive language to push the victim to comply with their request.

User errors:

Sometimes data breaches are caused by human mistakes or For example, a user may accidentally delete or overwrite important files, misconfigure security settings, leave their device unattended or unprotected, share their passwords with others, or use public Wi-Fi networks without encryption. These errors can expose website data to unauthorized access or loss.

How to Prevent Data Breaches:

Data breaches on websites can be prevented by following some best practices and implementing some security measures. Some of the ways you can protect your website from data breaches are:

Use strong and unique passwords:

As a general rule, a strong password should be at least 8 characters long and contain a mix of uppercase and lowercase letters, numbers,and symbols. A unique password should not be reused for multiple accounts or services. You should also change your passwords regularly.

Update your applications and software:

Applications and software that run your website may have vulnerabilities that can be exploited by hackers. Always keep them updated with the latest patches and fixes that address these Remove any unused or outdated applications or plugins that may pose a security risk.

Install antivirus and firewall software:

Antivirus and firewall software can detect and block malware and other malicious programs that may try to infect your website or device. Install reputable antivirus and firewall software on your device and keep them updated with the latest virus definitions and rules. You can also scan your device and website regularly for any signs of infection or compromise.

Use encryption and SSL certificates:

Encryption is a process of transforming data into an unreadable format that can only be deciphered by authorized SSL certificates are digital certificates that verify the identity of a website and enable secure communication between the website and the user’s browser. By using encryption and SSL certificates, you can protect your website data from being intercepted or tampered with by hackers or eavesdroppers.

Educate yourself and your users:

Education is key to preventing data breaches on websites. Educate yourself and your users about common causes and signs of data breaches, best practices and security measures to prevent them, and steps to take in case of a breach. You should also create and enforce a clear security policy for your website that outlines the roles and responsibilities of each user, the rules and guidelines for accessing and handling data, and the procedures for reporting and responding to

 

Rely on RegDOX for Secure Document Management

The Town of Salem data breach was one of the largest gaming-related breaches in recent history, affecting millions of players who trusted BMG with their personal data. It also raises questions about the security practices of BMG and how they stored and protected their users’ data. The breach could have serious consequences for the players, such as identity theft, phishing attacks, spam emails, and account hijacking. It is a reminder that every individual should be vigilant and monitor their online accounts for any suspicious activity or unauthorized changes.

Keep all your bases covered with help from the experts at RegDOX.

Since 2007 we’ve delivered comprehensive risk management solutions for a wide range of industries. Along the way we’ve received certificates and awards from the Export Administration Regulations, the U.S. State Department/International Traffic in Arms Regulations, the National Institute of Standards and Technology, and many more. Additionally, we are dedicated to staying up to date on the latest cybersecurity news impacting file storage, file sharing, and

cross-collaboration. Today we offer a full suite of products and services designed to provide you with a secure, centralized, and easy-to-use platform for managing your most critical information.

To Try Out Our Solution For Free: Click Here

To Get in Contact with Us: Click Here or Reach us by:

Phone: (800) 517-3171

Email: sales@regdox.com

Click to rate this post!
[Total: 0 Average: 0]

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top