Cyber Threat Actor: DeHashed
| Actor Type | Location | Known Incidents |
Hacker
|
United States of America
|
1 incident |
|---|
Profile
DeHashed is a threat actor known by that primary alias and believed to operate from the United States of America. The only publicly attributed incident involving this entity is the December 2018 compromise of BlankMediaGames, the developer of the "Town of Salem" browser game. In that operation, an unidentified hacker initially breached the company's servers, exfiltrating a dataset containing approximately 7.6 million user records. This data included usernames, email addresses, hashed passwords, IP addresses, game activity logs, and details of premium feature purchases; financial information was not accessed due to third-party payment processing. The hacker subsequently transferred this stolen dataset to DeHashed. DeHashed then contacted BlankMediaGames directly during the holiday period to alert them to the breach, providing the evidence needed for the company to secure its systems, remove backdoors, and initiate a password reset process for users via a forum announcement. Following this notification, DeHashed shared the full breach dataset with the Have I Been Pwned service, enabling widespread alerts to affected individuals. This sequence of events positions DeHashed not as the initial intruder but as a recipient and disseminator of stolen data, acting as an intermediary between a hacker and the broader security community or public.
The BlankMediaGames incident illustrates DeHashed's documented role in the data breach ecosystem, specifically in the post-compromise phase of data handling and disclosure. Their actions involved receiving large-scale personal information databases from other malicious actors and proactively notifying the victim organization, a behavior that diverges from typical extortion or silent resale patterns. After alerting the victim, DeHashed further facilitated public awareness by providing the data to a well-known breach notification service. No specific malware families, initial access vectors, or custom tooling are publicly linked to DeHashed's own infrastructure or activities in this or any other reported case. There is no clear public attribution connecting DeHashed to a nation-state sponsor or a structured criminal consortium; their operational pattern in this single instance suggests a possible focus on data brokerage or hacktivist-inspired disclosure, though any strategic objectives regarding financial gain, espionage, or disruption remain unstated in available sources. This profile is derived solely from the one verified operation, and no other significant campaigns or consistent targeting patterns across sectors or regions are established in the public record.
