On Friday, Pal Kovacs was listening to the long-awaited new album from rock and metal giants Bring Me the Horizon when he noticed a strange sound at the end of the record’s last track.
Being a fan of solving riddles and breaking encrypted codes, Kovacs wondered, Does this sound contain a hidden message?
His hunch led to the discovery of a hidden hacking-themed website that at some point actually got hacked.
Kovacs opened the song in the audio-editing app Audacity and, as he suspected, there was indeed a spectrogram — essentially a visual representation of the audio itself — which was actually a scannable QR code. Excited, Kovacs shared his findings on the Bring Me the Horizon’s subreddit.
The QR code led to the hidden website, which is protected by a passcode that turned out to be a number (93934521) written on the album cover art, on the head of one of the characters, called M8. This M8 character speaks in some of the tracks and appears on the hidden site as a sort of guide.
The website is essentially an “alternate reality game,” or ARG, which bands like Nine Inch Nails have done before as a way to get fans more engaged with the band’s music and lore.
In this particular case, the game consists of a website where, among other things, the band uploaded some unreleased tracks, a folder protected by a “cipher,” which led to more password-protected files, more mysteries, and more hidden Easter eggs, some of which are still unresolved and locked by unknown codes.
Kovacs’ discovery launched a wild decentralized chase where thousands of Bring Me the Horizon fans tried to uncover all the secrets hidden within the site. Days later, the fans are still at it, as the site’s makers add new challenges and puzzles to solve. Fans have a dedicated Discord server with around 3,000 people inside and a shared Google Doc that at the time of writing is around 5,500 words in length.
Perhaps expectedly, on the first day when fans found the site, someone hacked it in an attempt to get ahead in the game. This prompted the developers to temporarily take the site down and replace it with a warning, asking fans not to do actual hacking on the hacking-themed website.
“It appears user/s have been illicitly hacking into the M8 server to decode hidden secrets,” read the message from M8, the album’s guide, which multiple fans reported seeing in chats with TechCrunch. “It’s my duty to inform you that this behaviour is both naughty and counterproductive! You see, the whole idea of this program is to unravel the mysteries at a tantalizing pace, allowing everyone to enjoy the thrill of discovery. By bypassing the system and sharing the secrets prematurely, you’re spoiling the fun for everyone!”
It’s unclear what the developers meant exactly by hacking into “the server,” nor who was responsible. Sony Music Entertainment, the band’s record label, did not respond to a request for comment.
“There was an email address found after solving a riddle on the site, we found it legitimately but when we emailed this email like the site told us to, we received a warning message saying that we had hacked it and may get blacklisted if we try again. We assume it was an old error from the first day when these hackers extracted info from the site,” xDarkMagicianGirl, the owner of the Discord server, told TechCrunch.
xDarkMagician shared a copy of the email that some people received after the hacking attempts.
“So a friendly warning: your recent unauthorized access to our website has not gone unnoticed. While I admire your enthusiasm, it’s time to address the consequences of your actions. If you continue to hack into the system, you’ll be permanently blocked from accessing any part of,” the email read.
“Let’s play fair and enjoy the journey together. After all, a little patience goes a long way in making the experience truly enjoyable for everyone. So stop being a dips—t, and play fair!”