Tusillody wrote:Razbae wrote:Why would someone want to login to a town of salem account that badly? People are weird.
The account information found in this breach will be used to hack accounts on other websites or services. The information was being sold in early December, so it's already being used.
Tusillody wrote:The information was being sold in early December, so it's already being used.
Chemist1422 wrote:Tusillody wrote:The information was being sold in early December, so it's already being used.
You gonna back up that claim or?
Tusillody wrote:sportakus1 wrote:Changed my pass, but leaked IP and e-mail is still concerning me.
I hope this wont affect me in any way in future, otherwise I might delete my account to save myself from this mess.
Deleting your account will not save you from anything. Make sure your email password is not the same as the breached password and you should be fine. In a breach like this, IP addresses are not cared for. It's the account information that can be used on other sites and services, and credit card info that is either used for return-scams or sold off.
Dipsys wrote:Is there actually no way to delete my account from the forums or am I just blind? I would very much like to delete it since I don't actually use this anyways. I know it doesn't undo what has happened in any way but I still don't feel comfortable continuing to have a profile here.
If it's not something I can do by myself I would greatly appreciate a staff member deleting if for me.
sportakus1 wrote:Changed my pass, but leaked IP and e-mail is still concerning me.
I hope this wont affect me in any way in future, otherwise I might delete my account to save myself from this mess.
Dipsys wrote:Is there actually no way to delete my account from the forums or am I just blind? I would very much like to delete it since I don't actually use this anyways. I know it doesn't undo what has happened in any way but I still don't feel comfortable continuing to have a profile here.
If it's not something I can do by myself I would greatly appreciate a staff member deleting if for me.
Varanus wrote:Clearly the people trying to make a profit off the info are a far more reputable source about what's in there than the actual devs
/s
Reminder to use a password manager so that the possible damage from these types of breaches is minimal. This isn't the first, nor will it be the last time a site you have an account on has data stolen.
Tusillody wrote:KatiyaKramer wrote:Tusillody wrote:sportakus1 wrote:Changed my pass, but leaked IP and e-mail is still concerning me.
I hope this wont affect me in any way in future, otherwise I might delete my account to save myself from this mess.
Deleting your account will not save you from anything. Make sure your email password is not the same as the breached password and you should be fine. In a breach like this, IP addresses are not cared for. It's the account information that can be used on other sites and services, and credit card info that is either used for return-scams or sold off.
I'm pretty sure it was clarified that no info like credit card info was touched in all this. In fact if you read the main announcement:Achilles wrote:
Important Notes:
We don't store any credit card or payment info
All passwords were hashed and not plain text, so your emails should all be safe still if they used the same password, but you can change that as well if you are worried.
The only important data compromised would be your Username/hashed password, IP and email. Everything else is just game related data.
I did read that announcement, and I also read the breach information from DeHashed, which is way more credible considering the lack of action from the developers regarding this whole situation.
"The data affected, includes but is not limited to:
Usernames, Emails, Passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP Addresses, Game & Forum Activity, & Payment Information. With some of the users who paid for certain premium features having their billing information/data breached as well."
The forum here should be up in arms over the lies and lack of real announcement. The only reason we're here on this forum to discuss this is that other sources have notified us about the breach. The developers here knew a week ago.
PyromonkeyGG wrote:We have identified one breach and have fixed it. We have been working with Rackspace to help identify any other potential leaks or vulnerabilities on our servers. We will be sending out a mass email announcement soon. Our #1 priority right now is to ensure that our servers are secure, then adding support in our code for forced password resets.
FrankLeeAwful wrote:It's a good start. Meanwhile I'm praying for Unity to fix any other issues.
cents02 wrote:This was said in the forums by the devs
Important Notes:
We don't store any credit card or payment info
All passwords were hashed and not plain text, so your emails should all be safe still if they used the same password, but you can change that as well if you are worried.
The only important data compromised would be your Username/hashed password, IP and email. Everything else is just game related data.
However, the source blog https://blog.dehashed.com/town-of-salem-blankmediagames-hacked/ states that credit card information has been compromised.
Usernames, Emails, Passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP Addresses, Game & Forum Activity, & Payment Information. With some of the users who paid for certain premium features having their billing information/data breached as well.
Cared to explain?
S0me0ne23 wrote:PyromonkeyGG wrote:We have identified one breach and have fixed it. We have been working with Rackspace to help identify any other potential leaks or vulnerabilities on our servers. We will be sending out a mass email announcement soon. Our #1 priority right now is to ensure that our servers are secure, then adding support in our code for forced password resets.
Do you plan on switching to a salted hash algorithm with SHA256 or another modern hash function?
Achilles wrote:kristian818 wrote:large company
Our staff is myself, pyro, shapesifter (community manager), docexer and blueheatwave (Artist).
I'm sorry that this all happened and wasn't responded to quickly enough but people were on vacation spending time with their families (and his emails went to our spam filter). We aren't a large company we are an indie company. Yeah we have a lot of registered users but it was a F2P game and millions of those accounts played a few games and never came back.
PyromonkeyGG wrote:S0me0ne23 wrote:PyromonkeyGG wrote:We have identified one breach and have fixed it. We have been working with Rackspace to help identify any other potential leaks or vulnerabilities on our servers. We will be sending out a mass email announcement soon. Our #1 priority right now is to ensure that our servers are secure, then adding support in our code for forced password resets.
Do you plan on switching to a salted hash algorithm with SHA256 or another modern hash function?
Ours is already salted.
Users browsing this forum: No registered users and 22 guests