On Friday, Pal Kovacs was listening to rock and metal giants Bring Me the Horizon's highly anticipated new album when he noticed a strange sound at the end of the record's final track.
Kovacs, who loved solving mysteries and cracking codes, wondered if the sounds contained a hidden message.
His intuition led him to discover a hidden hacking-themed website that had actually been hacked at some point.
Kovacs opened the song in the audio editing app Audacity and, sure enough, there was a spectrogram (which is basically a visual representation of the audio itself) that was actually a scannable QR code. An excited Kovacs shared his discovery on the Bring Me the Horizon subreddit.
The QR code leads to a hidden website, which is protected by a passcode that turns out to be a number (93934521) written above the head of a character called M8 on the album's cover art. This M8 character speaks on several tracks and also appears on the hidden site as a kind of guide.
The website is essentially an “alternate reality game,” or ARG, something bands like Nine Inch Nails have done before as a way to further engage fans with the band's music and legend.
In this particular case, the game consists of a website where the band uploaded unreleased tracks, a “code” protected folder, etc., which leads to even more password protected files, even more puzzles, and even more hidden Easter eggs, some of which are still unravelled and locked by unknown codes.
Kovacs' discovery set off a frenzy of decentralization as thousands of Bring Me the Horizon fans tried to unlock all of the site's hidden secrets. Days later, fans are still hard at work, and the site's creators are adding new challenges and puzzles. Fans have joined a dedicated Discord server with about 3,000 members and a shared Google Doc that's about 5,500 words long as of this writing.
Perhaps predictably, on the first day that fans discovered the site, someone hacked into it in an attempt to gain an advantage in the game, which prompted the developers to temporarily shut it down and replace it with a warning asking fans not to actually hack on hacking-themed websites.
“It appears that users have been hacking into M8 servers and decrypting hidden secrets,” reads a message from M8 in the album's guide, which multiple fans reported seeing in chats with TechCrunch. “It is my duty to inform you that this behavior is egregious and counterproductive. The whole purpose of this program is to unravel mysteries at an engaging pace, allowing everyone to experience the thrill of discovery. By circumventing the system and sharing secrets prematurely, you're ruining the fun for everyone!”
It's unclear what exactly the developers meant by hacking into “servers” or who was responsible. The band's record label, Sony Music Entertainment, did not respond to a request for comment.
“The email address was found after solving a riddle on the site. We found it legitimately, but when we sent an email to the email address as the site instructed, we received a warning message saying that it had been hacked and that we could be blacklisted if we tried again. We believe this is an old error from the first day the hackers were extracting information from the site,” Discord server owner xDarkMagicianGirl told TechCrunch.
xDarkMagician shared a copy of the email some people received after the hacking attempt.
“So, a friendly warning: your recent unauthorized access to our website did not go unnoticed. We admire your enthusiasm, but it is time to deal with the consequences of your actions. If you continue hacking into our systems you will be permanently blocked from accessing any part of our company,” the email read.
“Play fair and enjoy the journey together. After all, a little patience goes a long way to a really enjoyable experience for everyone, so stop being a troll and play fair!”