The 'Dota 2' forum was hacked in July, and we're just now hearing about it

If you’re a member of the Dota 2 forum connected to the popular multiplayer online game, now would probably be a good time to change your password for the site and possibly for other online services as well. A new breach notification site called LeakedSource reports that the forum was hacked on July 10, 2016, exposing 1,923,972 records, each containing an email address, an IP address, a username, a user identifier, and a password.

According to the report, the forum’s passwords are stored on Valve Software’s servers using MD5 hashing and a salt, the latter of which is random data added as an additional input alongside the password to help “scramble” the information. However, the outdated MD5 isn’t exactly the most secure algorithm for hashing a password, as it’s notably filled with vulnerabilities and passwords hashed with it can be recovered by a brute-force attack. LeakedSource said it managed to convert over 80 percent of the hashed passwords to their plain text values.

“It’s a fast and memory-conserving algorithm,” stated a response in a Stack Exchange thread a few years ago. “That means an attacker can compute the hash of a large number of passwords per second. Using specialized hardware (like FPGA arrays or ASICs) worth a few thousand dollars you can compute the hashes of all possible 8-character passwords for a given salt in mere hours.”

On the email front, the report reveals a list of 56 email domains that were used to register for the Dota 2 forum. The top 10 include Gmail with 1,086,139 users, followed by Hotmail, Yahoo, Mail.ru, Outlook, Sina, Ymail, Cmail, AOL, and MSN. The report adds that the list also includes quite a few disposable emails, meaning they’re simply temporary and likely used only for this specific forum.

Additional reports point to Valve Software’s use of an older version of the vBulletin software used to run the forum. Evidently, there’s an SQL injection vulnerability in the platform, allowing hackers to inject SQL statements into an entry field to execute a command, such as to dump the forum’s database contents into one large file to download. SQL is a programming language used to manage data in a database management system.

Dota 2 players worried about hackers gaining access to their account credentials can search LeakedSource’s database by heading here. If by chance your information is indeed in the Dota 2 data pool, or in any other leaked database in LeakedSource’s possession, you can remove this sensitive info from the site’s copy for free. However, your information will still be in the hands of hackers.

The first report provided by LeakedSource appears to date from March 30 of this year, stating that Mate1.com was hacked in October 2015. LeakedSource obtained a copy of the site’s database containing 27,403,958 accounts. Passwords were reportedly stored in plain, visible text, revealing that the site wasn’t using any type of encryption to protect user accounts. The most used password was “123456” followed by “123456789” and “123.” Seriously?

So far Valve Software has not issued a statement regarding LeakedSource’s report of the July Dota 2 forum hack.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…