High Tail Hall data breach revealed; owners say new site "MUCH more advanced"
HaveIBeenPwned lists the disclosure of 411,755 HTH Studios accounts from August 24, including data such as:
Browser user agent details, dates of birth, email addresses, IP addresses, names, phone numbers, physical addresses, purchases, usernames
Passwords were stored as "salted" SHA-1 and MD5 hashes, which may decrease the impact of their being compromised - however, such protections are no longer considered sufficient to protect original passwords, due to the speed at which these types of hashes may be computed.
a puzzle game where you can have erotic encounters with the surrounding characters, and work out your frustrations if you come across a particularly complex puzzle.
Trouble was reported with the payment processor on September 23. Staff member Tyvara Panther posted to the HTH blog on October 3 regarding a "temporary store downtime", stating that "no sensitive data has been compromised". Today, founder Crowchild posted to admit the prior data leak:
As of the overhaul in Oct of 2018 we are using a MUCH more advanced and stable security system. We where contacted today by twitter user @troyhunt via @haveibeenpwned claiming we had a data breach sometime in August 2018 and that files have appeared on on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names, orders, salted SHA-1 and salted MD5 hashes. Both our internal security and web team security assures us that no financial data was compromised. I have been in contact with security, developers, legal council and law enforcement. The security and comfort of our users is the highest priority.
At this time we recommend ALL of our users update your account passwords (Just to be safe)
Flayrah also recommends changing such passwords if they have been reused elsewhere, to a version which is unique per-site.
We realize it’s been two weeks since we started the website relaunch and playable games are still unavailable. Here’s what’s going on and what we’re trying to do.
Our web team is working on integrating the store and the website data so that everyone who has a Gold Subscription maintains that subscription. We’re also doing away with the key system and replacing it with a coupon system. The reason we have to change is because our web team did not create the key system and half of it was written in Dutch, so even with a translator, it’s been a nightmare to deal with for them and the best they could offer was to transfer the system to a new one created from scratch.
In addition to the subscription system problems, we are still waiting on verification from our payment processor to activate our store. We can’t turn on the store without a way to process payments. The reason it’s taking so long is the first payment processor we were trying to go with has been jerking us around for over 3 weeks, so we decided to go to a different processor one we used with the old store, so we already know the approval process. We were forced to switch processors, because one of our previous processors isn’t compatible with our updated store and the current processor we’re going with can’t transfer accounts, so we had to start a new one to go with the new store.
What we’re attempting to do for now is activate the log in for Gold members which is connected to the store information.
The reason we had to make the switch when we did, is our old system, written in Joomla, was getting an update that would have broken our website’s functionality, so our web team advised beginning the switch now.
HTH's Twitter account was also reported to have been "hacked" October 5 by someone "trying to show Crow that he needed to change his passwords".
HTH Studios LLC sells $5/month subscriptions and also has 565 Patreons, providing additional income of $4,959/month, as well as a Cafepress store. Its wiki reports the Flash version of its game was discontinued in August 2017, with the first Unity-based build of "New Cyana" released this February.