Hackers have broken into a database belonging to the popular Town of Salem online game and stolen the details of over seven million players.
BlankMediaGames, the creators of Town of Salem, has sent emails to players warning that personal information stolen by the hackers may include email addresses, full names, postal addresses, usernames, encrypted passwords, forum activity, IP address, and game activity.
BlankMediaGames said no payment information was hacked because a third party provider handles payments and as such this information is kept on other servers.
Food for phishing
That said the stolen data is certainly a catch for the hackers. Either they will use it themselves or put it up for sale on the dark web.
It can then be used to launch:
- Phishing attacks, specifically targeting Town of Salem players.
- Attacks that appeal generally to gaming fans, such as hooks that offer free access to the beta launch of a new game, discounts for existing games and so on.
- More generalised phishing campaigns that could for instance, offer free loans, high-end goods at rock-bottom prices or ‘great-savings’ at well-known retailers.
In fact, the only limits are those that the hackers impose on their imagination.
Passwords not so safe
BlankMediaGames said that user passwords were stored as a salted MD5 hash, that is, they are encrypted.
When it was first released, circa 1992, MD5 was considered to be a tough hashing technique for protecting passwords. But for some time now the wider security community has advised against using it.
- Those affected should at the very least change their Town of Salem password and if the same password is used on other websites these should also be changed.
- Armed with a password and email address fraudsters can wreak havoc. When they have this information they use it to run through websites that are used by many people such as Amazon, eBay, TripAdvisor and so on. They understand that many people use the same password across different sites.
Gaming and security
BullGuard Premium Protection
provides ideal safeguards for gamers. If their data is stolen it is kept safe thanks to rugged identity protection.
Gamers simply enter the information they want to protect, such as email addresses, name, postal address, username, passwords, payment card and banking details and so on.
Should any of the information appear online the user receives immediate alerts enabling them to take the necessary protective measures.
Further, BullGuard Premium Protection also provides the fastest Game Booster on the market, according to an independent tester.
BullGuard Game Booster optimises all processes running on a computer with the processor providing dedicated resources to the game.
As a result, gaming is noticeably smoother, pop-up ads are blocked and thanks to award-winning antimalware the computer is kept free of viruses.