Hackers steal 1.9 million Dota 2 gamers' data from chat forum

LeakedSource said the information wasn't sufficiently secured

Nearly 2 million fans of online multi-player game Dota 2 have become the latest victims of a large-scale online hack, with email and IP addresses, usernames and passwords all being exposed.

News of the attack, which affects only the Dota 2 message board, rather than the game itself, comes via breach notification site LeakedSource. According to a post on LeakedSource's blog, 1,923,972 records were stolen from the official Dota 2 forum, which is run by gaming firm and Dota 2 creator, Valve.

The attack occurred at the beginning of July, although it has only just been communicated to the world this week. According to LeakedSource, the forum passowrds were stored in Valve's servers using MD5 hashing and salt to encrypt them. However, while use of MD5 is still quite common, it is also considered to be severely compromised and vulnerable to myriad attacks. This has allowed LeakedSource to decrypt roughly 80% of the information stored in the leaked database.

The majority of the email addresses taken in the attack were Gmail accounts that had been set up specifically for use with Valve's forums, which could lessen the impact of the attack. It's also been noted by gaming site RockPaperShotgun that the forums are separate from Steam itself, meaning it's unlikely hackers would be able to maliciously use the data to cause havoc with gamers' Steam accounts, unless they have used the same credentials for both.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Valve hasn't yet commented on the attacks, but it comes at an important time for the online games-maker as it preps for the Dota 2 global tournament, which is happening this week in Seattle. The tournament sees gamers playing against each other to win a prize fund of $20 million (15 million).

Main image credit: Valve Software

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020