This Week in Breach: BlackMediaGames (Town of Salem)
BlankMediaGames: Game maker of ‘Town of Salem’.Risk to Small Business: Severe:With a number as high as 7.6M users exposed, this cyberattack has the potential to be game-changing. News broke that DeHashed, a commercial breach indexing service, discovered the successful attack before Christmas and tried alerting the company, but no actions were made to secure the hacked servers and notify users until later on. Cybersecurity experts are claiming that the company’s hashing technique (PHPBB) for securing passwords was relatively weak, meaning that it is only a matter of time until hackers were able to crack them.Individual Risk: Severe: Stolen user data included usernames, email addresses, hashed passwords, IP addresses, and game/forum activities. Payment information or credit card details were not exposed, but compromised information can still be leveraged to gain access to payment details on other similar accounts.Customers Impacted: 7.6M users of ‘Town of Salem’.How it Could Affect You:Although BlankMediaGames clarified that it does not handle payment information, users may not fully grasp what this means. When they hear breach, they feel exposed. To further compound the issue, the company admitted that its hashing platform for passwords was not as secure as it could be. Overall, video game services are becoming “low hanging fruits” for cybercriminals due to the emphasis of user experience over security and increasingly growing value of digital “in-game” goods or purchases.Read more
In Other News:German Politicians and Celebrities are Under AttackHundreds of German parliament members, most notably Chancellor Angela Merkel, and celebrities are having their personal details leaked in what seems to be a politically motivated cyber-attack. Information including financial details, contact information, private conversations, and more was originally leaked in December on a Twitter account, which was only recently discovered and suspended.Although six of seven main political parties were among those affected, no members from the far-right Alternative party (AfD) seem to be impacted. Officials are saying that the data could have been obtained by hackers using stolen passwords to log into email accounts, social networks, and cloud-based services.Read more