HaveIbeenpwned is telling its readers who might have an account with Facepunch that the game studio suffered a breach two years ago exposing their information.
Troy Hunt’s data breach site reported that in June 2016 Facepunch was breached exposing 343,000 users. The compromised data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
Facepunch told HaveIbeenpwned that it was aware of the incident and had informed its users at the time.
However, responses posted to HaveIbeenpwned Twitter page are telling a different story. Several people who said they have a Facepunch account stated they were never told.?@haveibeenpwned
Your email disclosed that Facepunch disclosed information about this breach to those who are affected. However, I had 3 accounts personally affected and not one of them has received an email regarding this from FP between June 2016 and now. I can't find any blog posts either.
An attempt to contact Facepunch through its Twitter account has so far been unsuccessful.
Originally published in scmagazine.com North America.