In , just before Christmas, hackers successfully breached the servers of BlankMediaGames (BMG), the developer behind the popular browser-based role-playing game Town of Salem. The breach compromised approximately 7.6 million user records, making it one of the largest gaming-related data breaches of the era.

Once the data was stolen, subsets of the database and direct download links to the full SQL dump began appearing on Pastebin. Pastebin is a text-storage site frequently used by developers to share code, but it is also routinely abused by hackers to host leaked credentials.

The use of MD5 was the cardinal sin. MD5 is a 128-bit hash function that is now considered insecure because attackers can generate collisions and, more relevantly, use rainbow tables (precomputed hash databases) to reverse it. Since BlankMediaGames also failed to salt the passwords (adding unique random data to each password before hashing), two users with the same password would have identical hashes. This made cracking trivial.
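The paragraph above, as an added example that is not code from BlankMediaGames or the original article: it stores the same constructed accounts once as bare MD5 and once with a per-user salt and a slow KDF, then checks which rows share a hash. The sample users, the helper names and the choice of PBKDF2-HMAC-SHA256 at 600,000 iterations are assumptions made for illustration; the page does not name a replacement scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not taken from the breach data).
USERS = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "tr0ub4dor&3")]
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def md5_unsalted(password):
    """The weak scheme the article describes: a bare, unsalted MD5 digest."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_salted(password, salt=None, iterations=ITERATIONS):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hash_salted(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate["digest"], record["digest"])

def shared_hash_groups(table):
    """Group usernames by stored hash; a group larger than one shares a password."""
    groups = defaultdict(list)
    for user, stored in table:
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users=USERS):
    """Return the same accounts stored the weak way and the salted way."""
    weak = [(u, md5_unsalted(p)) for u, p in users]
    records = {u: hash_salted(p) for u, p in users}
    strong = [(u, r["digest"]) for u, r in records.items()]
    return weak, strong, records

if __name__ == "__main__":
    weak, strong, records = build_tables()
    print("unsalted MD5, accounts sharing a hash:", shared_hash_groups(weak))
    print("salted PBKDF2, accounts sharing a hash:", shared_hash_groups(strong))
    print("login still verifies:", verify_salted("hunter2", records["bob"]))
```

Running `shared_hash_groups` over an existing credential table is also a quick audit: any non-empty result means the stored hashes are unsalted.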

Practical, actionable advice for the operator / developers (concise checklist)
