Even if it’s not, be safe and change your Dota 2 forum password, as well as your logins on other sites if you reuse the same password over and over again.
Advertisement
The compromised passwords were hashed and salted with an MD5 algorithm, however this – by modern computing standards – is easily broken.
News of the hack, which apparently took place on 10 July, comes via a LeakedSource blog post, which revealed that attackers got their mitts on 1,923,972 records including usernames, email addresses, passwords and IP addresses. MD5 hashing is widely considered an outdated and ineffective form of data protection, and according to Leaked Source, over 80% of the hacked passwords can be converted to their plaintext value.
The three most popular email domains exposed were Gmail, Hotmail and Yahoo, with only 24,335 entries for users with Outlook.com emails. This makes it easier for them to remember the password but it is also riskier.
Additional reports point to Valve Software’s use of an older version of the vBulletin software used to run the forum.
Evidently, there’s an SQL injection vulnerability in the platform, allowing hackers to inject SQL statements into an entry field to execute a command, such as to dump the forum’s database contents into one large file to download.
“The database relates only to the Dota 2 Dev forums at dev.dota2.com, and does not contain any Steam credentials, payment information or any other private information related to your Steam account”.
Advertisement
Dota 2’s official forums were reportedly hacked on July 10, with almost 2 million records accessed. However, your information will still be in the hands of hackers. Users should immediately change their passwords if they may be impacted, especially if they share passwords across multiple sites.
