Original post from the hacker:
https://www.reddit.com/r/TownofSalemgame/comments/acdnsc/data_breach_what_actually_happened_edited/

I am writing this to clear up what actually happened during the breach because there is a lot of misinformation going around and this "hack" was a lot simpler than everyone thinks it is. I was there in the group call helping export the database while we had admin account access.
TL;DR = Admin password reuse + phpBB being shitty forum software
You know what we did? We literally looked up the usernames of admins in data breaches. Sure enough, an admin and the site owner reused passwords and we logged in.
<DATA REMOVED>
Above are the credentials we used. phpBB being the shitty forum software it is, allows anyone with an admin account to export the entire database. However, we ran into a little issue. The theme had a bug causing the database export not to work. We kept trying to figure out what was wrong, but we couldn't because we didn't have enough phpBB knowledge. We tried selecting new themes, but it still didn't work. After that, we got another buddy who knows a method and gave him the credentials. He was about to work his magic, but unfortunately the admin credentials were reset by the admins themselves. Why? Because we selected a theme, forgot about it and left it enabled. It's kinda funny since the theme was a pretty nice custom theme, but for some reason, the owner prefers to use the default phpBB theme which to me is very stupid. I saw some users make memes about it as well which was hilarious.
The above incident happened on December 13th 2018. Our friend silently did his own work days to weeks earlier. The admins clearly knew about it because they reset their credentials and saw the theme change. On top of this, the admin panel doesn't allow logs to be erased. This means that the admins should've seen about 4 logins from different TOR IPs, yet they chose not to do anything until some retard gave the database to DeHashed/HIBP.
Anyway, so you might be wondering, if the admins reset credentials, how did you breach the database? Well, we talked about this to a different friend and it turns out, he did the same thing that we did, but a few days prior to our logins. Unlike us, this guy knows phpBB well. I will not say exactly how it was done, but it's possible to make a theme that will backdoor the server. He did just that and got access to the entire server on which the database was stored. He downloaded all the files, including the database. He gave us the database for free and said he sold a few copies for $500 BTC each to others.
Just like most phpBB databases, the structure of this one is: Username:Email:IP:Hash. I have no idea why people are saying there are md5 hashes in it, because there aren't. Every hash is a phpass hash. These hashes are kinda annoying to decrypt, but they certainly aren't too hard. Personally, I decrypted 2 million out of 7.6 million hashes.
These credentials have been excellent for trying against many games and we've made tens of thousands from checking these combos and selling copies of the database. The disclosure was too late, we've already made swift use of the credentials. We don't care about your Town Of Salem accounts, those are of no value whatsoever to us, we care about other sites.
Also, I should add that we do have addresses of some users who paid. (Hey admins, check your wordpress account.)
Here is a data sample:
<DATA REMOVED>
The above data is from the address logs. I will also post a data sample from the actual phpBB database everyone is speaking of:
<DATA REMOVED>
There was no big server breach; you literally reused passwords and used shitty forum software which allows database exporting and server access via theme exploits. Literally all you have to do is just not reuse passwords and use semi-decent software. Wait no, scratch that. If you didn't reuse passwords, none of this would've happened. But using better forum software would be nice anyway. phpBB? What is this, 2005? Use Xenforo. It looks very nice, you can make great themes and it's modern. On top of this, it's very secure. Just find how to migrate your database to Xenforo. Being lazy will cause your data to get leaked.
I made this to clear up all the bullshit spreading around. This data breach was super easy and frankly we're very surprised that everyone thinks it was some super big hacker shit. Any ol' script kiddie could've done this.
Moral of the story: If you own a multi-million game company, don't reuse passwords and for Christ's sake, use modern forum software instead of outdated crap.
EDIT: I meant MODULES, not a THEME. Some module shit was installed by my friend which is how the breach was done. (My phpBB knowledge is minimal, but I know it was 100% done via admin credentials + admin panel)
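The post's root cause is an admin password that already sat in a public breach dump. The following is an added example (not part of the original post, and not phpBB's or HIBP's code) showing how a site operator can screen a candidate admin password against a breach corpus using the k-anonymity scheme the Pwned Passwords range API uses: only the first five hex characters of the password's SHA-1 leave the client, and the client compares the returned suffixes locally. The breach corpus, the `fetch_range` function and the counts are constructed stand-ins so the block runs offline; a real deployment would replace `fetch_range` with an HTTPS GET of `https://api.pwnedpasswords.com/range/<prefix>`.

```python
"""Breach-corpus check for a new admin password (added example, constructed data).

The k-anonymity idea: hash the password with SHA-1, send only the first 5 hex
characters, receive every suffix in the corpus that shares that prefix, and
finish the comparison locally. The server never learns the full hash.
"""
import hashlib
from collections import defaultdict

# CONSTRUCTED corpus standing in for the real Pwned Passwords dataset.
# Values are "times seen in breaches"; the numbers are made up.
FAKE_CORPUS = {
    "password123": 123456,
    "letmein": 98765,
    "townofsalem": 42,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Group corpus hashes by 5-char prefix, mirroring the server's layout."""
    index = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return index


def fetch_range(prefix: str) -> str:
    """Stand-in for GET /range/{prefix}; returns the response body text.

    Hypothetical offline replacement for the network call; each response line
    is '<35 hex suffix>:<count>'.
    """
    index = build_range_index(FAKE_CORPUS)
    return "\n".join(index.get(prefix.upper(), []))


def breach_count(password: str, fetch=fetch_range) -> int:
    """Return how often the password appears in the corpus (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def acceptable_admin_password(password: str, min_len: int = 14) -> bool:
    """Policy check: long enough and never seen in the breach corpus."""
    return len(password) >= min_len and breach_count(password) == 0


if __name__ == "__main__":
    for pw in ("password123", "a-long-unique-passphrase-2019"):
        print(pw, "->", breach_count(pw), "hits; acceptable:",
              acceptable_admin_password(pw))
```

The same check belongs in the password-change path for every account that can reach an admin panel, since a reused credential defeats any forum-level hardening. Note that the real API sometimes pads responses with zero-count suffixes; the loop above already treats a count of 0 as "not found".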
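The post also notes that the admin panel logs could not be erased and should have shown several admin logins from unrelated IPs before anything was done. Below is an added example (not part of the original post, and not phpBB's own log format or code) of the detection logic a defender would run over such logs: it flags any admin account that logs in from more than a set number of distinct IPs inside a sliding window, and separately flags sensitive panel actions (style or module activation, database export) performed from an IP the account has never used before. The log lines, operation names (`LOGIN_ADMIN_SUCCESS`, `ACP_STYLE_ACTIVATE`, `ACP_DB_EXPORT`) and the known-IP table are all constructed for the example.

```python
"""Admin-panel login and action anomaly detection (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# CONSTRUCTED sample log. The layout "<ISO time> <operation> user=<name> ip=<addr>"
# and the operation names are invented for this example, not phpBB's log table.
SAMPLE_LOG = """\
2018-12-01T10:02:11Z LOGIN_ADMIN_SUCCESS user=siteowner ip=203.0.113.7
2018-12-09T03:14:52Z LOGIN_ADMIN_SUCCESS user=siteowner ip=198.51.100.23
2018-12-11T22:47:03Z LOGIN_ADMIN_SUCCESS user=forumadmin ip=192.0.2.44
2018-12-13T19:05:30Z LOGIN_ADMIN_SUCCESS user=forumadmin ip=192.0.2.91
2018-12-13T19:06:02Z ACP_STYLE_ACTIVATE user=forumadmin ip=192.0.2.91
2018-12-13T19:40:17Z LOGIN_ADMIN_SUCCESS user=siteowner ip=198.51.100.77
2018-12-13T20:01:44Z ACP_DB_EXPORT user=siteowner ip=198.51.100.77
"""

# Operations that can expose or alter the whole site; constructed names.
SENSITIVE_OPS = {"ACP_STYLE_ACTIVATE", "ACP_MODULE_ADD", "ACP_DB_EXPORT"}

# Constructed "IPs this admin normally uses" table, e.g. from the last 90 days.
KNOWN_IPS = {"siteowner": {"203.0.113.7"}, "forumadmin": {"192.0.2.44"}}


def parse_log(text: str) -> list:
    """Parse the constructed log format into dicts with ts/op/user/ip keys."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, op, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "op": op,
            "user": fields["user"],
            "ip": fields["ip"],
        })
    return records


def distinct_ip_alerts(records: list, window: timedelta = timedelta(days=14),
                       max_distinct_ips: int = 2) -> dict:
    """Map admin user -> set of IPs when more than max_distinct_ips appear
    within any sliding window ending at one of that user's logins."""
    logins = defaultdict(list)
    for r in records:
        if r["op"] == "LOGIN_ADMIN_SUCCESS":
            logins[r["user"]].append(r)
    alerts = {}
    for user, rows in logins.items():
        rows.sort(key=lambda r: r["ts"])
        for i, cur in enumerate(rows):
            in_window = {r["ip"] for r in rows[: i + 1]
                         if cur["ts"] - r["ts"] <= window}
            if len(in_window) > max_distinct_ips:
                alerts[user] = alerts.get(user, set()) | in_window
    return alerts


def sensitive_op_alerts(records: list, known_ips: dict) -> list:
    """Return (user, op, ip) for sensitive actions from an IP the user
    has not been seen on before; a new IP plus an export is the loud signal."""
    return [(r["user"], r["op"], r["ip"]) for r in records
            if r["op"] in SENSITIVE_OPS
            and r["ip"] not in known_ips.get(r["user"], set())]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("multi-IP admin logins:", distinct_ip_alerts(recs))
    print("sensitive ops from new IPs:", sensitive_op_alerts(recs, KNOWN_IPS))
```

The window and threshold are tunable; the point is that a database export or theme/module change from an address the account has never used is worth an alert on its own, and an immutable log is only useful if something actually reads it.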