27% of Passwords From Town of Salem Breach Already Cracked


27% of Passwords From Town of Salem Breach Already Cracked (Jan 5, 2019)

Over 7.6 million unique accounts for the browser-based game "Town of Salem," had their various forms of data exposed following a server getting hacked by an unknown actor. The actor was able to obtain access to the game's database via an installed backdoor on the server. The data breach compromised user information including emails, hashed passwords (phpass, MD5 (WordPress)), MD5 (phpBB3)), IP addresses, game and forum activity, payment information such as billing information, and usernames. Since the breach which became apparent according to "DeHashed," a leaked information lookup site, on December 28, 2018, over 27%, or over 2.1 million, encrypted passwords have been decrypted via "Hashes[.]org." The creators of Town of Salem have removed three php files that allowed the threat actor the ability to install the backdoor to the server.

Recommendation: Users should change their passwords for this game immediately, as well as any sites that use the same password. Leaks of this sort causes individuals to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.