Hackers steal 1.9 million Dota 2 gamers' data from chat forum
LeakedSource said the information wasn't sufficiently secured
Nearly 2 million fans of online multi-player game Dota 2 have become the latest victims of a large-scale online hack, with email and IP addresses, usernames and passwords all being exposed.
News of the attack, which affects only the Dota 2 message board, rather than the game itself, comes via breach notification site LeakedSource. According to a post on LeakedSource's blog, 1,923,972 records were stolen from the official Dota 2 forum, which is run by gaming firm and Dota 2 creator, Valve.
The attack occurred at the beginning of July, although it has only just been communicated to the world this week. According to LeakedSource, the forum passowrds were stored in Valve's servers using MD5 hashing and salt to encrypt them. However, while use of MD5 is still quite common, it is also considered to be severely compromised and vulnerable to myriad attacks. This has allowed LeakedSource to decrypt roughly 80% of the information stored in the leaked database.
The majority of the email addresses taken in the attack were Gmail accounts that had been set up specifically for use with Valve's forums, which could lessen the impact of the attack. It's also been noted by gaming site RockPaperShotgun that the forums are separate from Steam itself, meaning it's unlikely hackers would be able to maliciously use the data to cause havoc with gamers' Steam accounts, unless they have used the same credentials for both.
Valve hasn't yet commented on the attacks, but it comes at an important time for the online games-maker as it preps for the Dota 2 global tournament, which is happening this week in Seattle. The tournament sees gamers playing against each other to win a prize fund of $20 million (15 million).
Main image credit: Valve Software
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now