Games developer Facepunch suffered a breach which exposed the details of 343,000 users, back in 2016.

HaveIbeenpawned website has told its readers that this breach was just recently uncovered.

In response, Facepunch said it was aware of the incident and had informed its users of the breach at the time it happened.

That said, HaveIbeenpawned’s Twitter page elicited a few sharp responses from Facepunch users.

One person said they had no such knowledge of any breach nor had they received information from Facepunch informing them of the hack:
“… I had 3 accounts personally affected and not one of them has received an email regarding this from FP (Facepunch) between June 2016 and now. I can’t find any blog posts either.”

Stolen data included:
  • Usernames
  • Email and IP addresses
  • Dates of birth
  • Salted MD5 password hashes

This latter point is passwords in hashed form. The aim is to defend against brute force password attacks.
However, the hashes are not encrypted before they go into a database. As such they can be cracked using brute force tactics but it is generally a much slower process.

If you have held or hold a Facepunch account, contact the company to find out whether your data was breached.