Store Page
Town of Salem
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

Town of Salem

Store Page
View Stats:
Global Achievements
Flavorable Jun 15, 2019 @ 4:21am
Security update/warning [Please read. Very important.]
Hey guys,

So, for the last couple of days, we have been suffering from people getting hacked (mainly ranked players). This seems to be a result of someone obtaining the data that was breached and using it for malicious intent.

The only people that have been hit are the people that did not change their password after the breach, despite the many announcements and the e-mail notification we sent out.

So I implore all of you who haven't: CHANGE YOUR PASSWORD. The time for leniency will undoubtedly eventually run out.

Even if you did change your password, always keep in mind (and this goes for every account you ever make on the internet) that regularly changing your passwords (at least every 3-6 months) is ALWAYS recommended for your own safety and security. And as much as sites advertise the importance of special characters, don't forget that the longer the password, the safer it is. (As you can imagine, something like "abcde12!" is way easier to decrypt than "abcdefghijklmnopqrstuvwxyz".

If you are aware of any friends/players that have been inactive since before the breach and they have not changed their password and they're paid or grandfathered accounts, I highly suggest messaging them to change their password, and if they don't respond or are inactive still, feel free to PM me their ToS account name and I can check if they have been hacked and send it through to the Admins to lock their accounts so there won't be any damage done.

You can change your password here: https://www.blankmediagames.com/phpbb/ucp.php?mode=sendpassword (This sends an automatically generated password, but doing this first is important for logging purposes). Afterwards, you can go here: https://www.blankmediagames.com/help/requestpasswordreset.php and change the generated password into one of your own.

22-06-2019 [EDIT] Edited in correct, working link.
Last edited by Flavorable; Jun 21, 2019 @ 3:44pm
< >
Showing 1-15 of 23 comments
Vepar Jun 15, 2019 @ 7:32am 
Is it ok if we just use the auto generated password? Or can that be somehow obtained by the hackers?
#1
Flavorable Jun 15, 2019 @ 7:41am 
Originally posted by Vepar:
Is it ok if we just use the auto generated password? Or can that be somehow obtained by the hackers?
Perfectly fine to do so.

The other link is there purely for the people who prefer their own personal password.
#2
Vepar Jun 15, 2019 @ 8:23am 
Originally posted by Flavorable:
Originally posted by Vepar:
Is it ok if we just use the auto generated password? Or can that be somehow obtained by the hackers?
Perfectly fine to do so.

The other link is there purely for the people who prefer their own personal password.

Ok, thanks!
#3
Flavorable Jun 21, 2019 @ 3:40pm 
Updated the link for changing your password yourself.
#4
clonegunner237 Jun 27, 2019 @ 11:39pm 
Sooo... I log in through steam and don't know what e-mail I used for my account. How do I go about this process, anyway? I haven't been playing ranked, only ranked practice, so is the problem even relevant for me?
Last edited by clonegunner237; Jun 27, 2019 @ 11:40pm
#5
Flavorable Jun 28, 2019 @ 12:13am 
Originally posted by clonegunner237:
Sooo... I log in through steam and don't know what e-mail I used for my account. How do I go about this process, anyway? I haven't been playing ranked, only ranked practice, so is the problem even relevant for me?

If you have not changed your password in 5/6 months (or longer), then yes, it is definitely relevant for you.

If you don't remember the e-mailaddress you used, there's basically a 3-step thing you can do:

1 > Check all your known inboxes and search for "blankmediagames.com" to see if any e-mails from them show up on one of your e-mailaddresses, if not;

2 > Try the first link in the original post repeatedly for every e-mailaddress you may have used, and if that also doesn't work;

3 > E-mail the developers and explain the situation. They will need as much proof from you that the account in question belongs to you, so give them as much info as you can (and be sure to include the receipt for ToS which you can find under "Help > Steam Support" and your Steam username).
#6
Scientist Jul 5, 2019 @ 8:14am 
i kinda dont care for my account especially since i have the same password as my username, i just use scrolls.
#7
Hurricane Aug 23, 2019 @ 10:01am 
Are the passwords in the database salted and hashed ? With a adequately robust hash ?
#8
Scientist Aug 23, 2019 @ 10:04am 
Originally posted by Hurricane:
Are the passwords in the database salted and hashed ? With a adequately robust hash ?
i saw a post on reddit about how uhhh how they arent hashed at all and are just loosely placed
#9
shapesifter13  [developer] Aug 26, 2019 @ 12:49pm 
At the time of the breach they were salted MD5 hashes, which we are aware is not the most robust. This has since been improved, but many passwords with 10 or less characters were cracked. This has all been discussed on the forums related to the breach.
#10
DJ Aug 26, 2019 @ 1:11pm 
Does this affect people who log in through steam?
#11
Flavorable Aug 26, 2019 @ 2:20pm 
Originally posted by DJ Spicy Deluxe:
Does this affect people who log in through steam?
Yes, because you still use a ToS account to log in, not a Steam account. The "log in through Steam" button is ONLY for linking an account to Steam, besides that it has nothing to do with Steam or your Steam account (which you never need to log into the game).
#12
DJ Aug 26, 2019 @ 8:32pm 
Originally posted by Flavorable:
Originally posted by DJ Spicy Deluxe:
Does this affect people who log in through steam?
Yes, because you still use a ToS account to log in, not a Steam account. The "log in through Steam" button is ONLY for linking an account to Steam, besides that it has nothing to do with Steam or your Steam account (which you never need to log into the game).
So there is a chance you could lose your ToS account but not your Steam account if you don't do anything then, right?
#13
Flavorable Aug 26, 2019 @ 11:39pm 
Originally posted by DJ Spicy Deluxe:
Originally posted by Flavorable:
Yes, because you still use a ToS account to log in, not a Steam account. The "log in through Steam" button is ONLY for linking an account to Steam, besides that it has nothing to do with Steam or your Steam account (which you never need to log into the game).
So there is a chance you could lose your ToS account but not your Steam account if you don't do anything then, right?
Well, it does depend on whether or not you use your ToS account info (username/e-mailaddress + password combo) anywhere else.
#14
Scientist Aug 27, 2019 @ 5:18pm 
Originally posted by Flavorable:
Originally posted by DJ Spicy Deluxe:
So there is a chance you could lose your ToS account but not your Steam account if you don't do anything then, right?
Well, it does depend on whether or not you use your ToS account info (username/e-mailaddress + password combo) anywhere else.
luckily i have a plan, i use the same password as my username so people will think its a dumbass alt acc, its risky but fighting fire with fire is all i need
#15
< >
Showing 1-15 of 23 comments
Per page: 1530 50

Town of Salem > General Discussions > Topic Details
Date Posted: Jun 15, 2019 @ 4:21am
Posts: 23

Discussions Rules and Guidelines