“Town of Salem” leak: more than 2 million password hashes are already cracked

…and are available to download.

Personal details of 7.6 million users of BlankMediaGames game “Town of Salem” has been stolen by an unknown attacker.

Town of Salem is a browser-based game that challenges players on their ability to convincingly lie as well as detect when other players are lying. The game ranges from 7 to 15 players. 


The exfiltrated informations appears to be:

  • Usernames
  • Email addresses
  • Passwords in phpass, MD5(WordPress), MD5(phpBB3) format
  • IP addresses
  • Game & forum activity
  • Purchased game premium features, but without payment information or credit card details, according with BMG’s official statement:

We don’t store any credit card or payment info. At all.


Have I Been Pwned already included this data breach.

On Hashes.org has been published a subset of 2 million decrypted accounts:


Related posts

  1. Privacy Roundup #17
  2. Privacy Roundup #16
  3. Cybersecurity Roundup #16
  4. Privacy Roundup #15
  5. SANS Institute: how to turn a data breach into an educational opportunity