The 'Dota 2' forum was hacked in July, and we're just now hearing about it

Dota 2 3
If you’re a member of the Dota 2 forum connected to the popular multiplayer online game, now would probably be a good time to change your password for the site and possibly for other online services as well. A new breach notification site called LeakedSource reports that the forum was hacked on July 10, 2016, exposing 1,923,972 records, each containing an email address, an IP address, a username, a user identifier, and a password.

According to the report, the forum’s passwords are stored on Valve Software’s servers using MD5 hashing and a salt, the latter of which is random data injected as an additional input into the password to help “scramble” the information. However, the outdated MD5 isn’t exactly the most secure algorithm for hashing a password, as it’s notably filled with vulnerabilities and can be reversed by a brute-force attack. LeakedSource said it managed to convert over 80 percent of the hashed passwords to their plain text values.

“It’s a fast and memory-conserving algorithm,” stated a response in a Stack Exchange thread a few years ago. “That means an attacker can compute the hash of a large number of passwords per second. Using specialized hardware (like FPGA arrays or ASICs) worth a few thousand dollars you can compute the hashes of all possible 8-character passwords for a given salt in mere hours.”

On the email front, the report reveals a list of 56 email domains that were used to register for the Dota 2 forum. The top 10 include Gmail with 1,086,139 users, followed by Hotmail, Yahoo, Mail.ru, Outlook, Sina, Ymail, Cmail, AOL, and MSN. The report adds that the list also includes quite a few disposable emails, meaning they’re simply temporary and likely used only for this specific forum.

Additional reports point to Valve Software’s use of an older version of the vBulletin software used to run the forum. Evidently, there’s an SQL injection vulnerability in the platform, allowing hackers to inject SQL statements into an entry field to execute a command, such as to dump the forum’s database contents into one large file to download. SQL is a programming language used to manage data in a database management system.

Dota 2 players worried about hackers gaining access to their account credentials can search LeakedSource’s database by heading here. If by chance your information is indeed in the Dota 2 data pool, or in any other leaked database in possession by LeakedSource, you can remove this sensitive info from the site’s copy for free. However, your information will still be in the hands of hackers.

The first report provided by LeakedSource appears to be March 30 of this year, stating that Mate1.com was hacked in October 2015. LeakedSource obtained a copy of the site’s database containing 27,403,958 accounts. Passwords were reportedly stored in plain, visible text, revealing that the site wasn’t using any type of encryption to protect user accounts. The most used password was “123456” followed by “123456789” and “123.” Seriously?

So far Valve Software has not issued a statement regarding LeakedSource’s report of the July Dota 2 forum hack.

Smart Home

Amazon’s Alexa reviewers reportedly have access to customer home addresses

We already learned earlier this year that when you talk to Alexa, Amazon employees may also be listening. Some employees who review Alexa recordings may also have access to user addresses and locations.
Computing

Tablet or notebook? Our favorite 2-in-1 PCs give you the best of both worlds

If you can’t decide if you need a tablet or a notebook, then don’t bother. The best 2-in-1 laptops are both, and they can provide all the power you need. Check out our list for the best 2-in-1s for any user.
Gaming

These awesome free-to-play games might be even better than the ones you paid for

Believe it or not, free-to-play games have evolved into engaging, enjoyable experiences. Here are a few of our favorites that you can play right now, including Warframe and the perennially popular League of Legends.
Computing

Online passwords: Research confirms millions of people are using 123456

According to recent analysis of data caught up in cyber attacks, millions of people are continuing to use super-simple passwords, with 123456 topping the list of easy-to-crack codes.
Apple

Leaked memo: If your MacBook keyboard dies, Apple will fix or replace in one day

If your Apple MacBook keyboard is problematic, getting it fixed at a Genius Bar just got a lot easier. Apple has now mandated that its Geniuses repair or replace MacBook keyboards by the next working day.
Computing

In 2019, laptops are better than ever. Here are the best of the best

The best laptop should be one that checks all the boxes: Great battery life, beautiful design, and top-notch performance. Our picks for the best laptops you can buy do all that — and throw in some extra features while they're at it.
Product Review

Still waiting for a new Mac Pro? Corsair’s mini PC has all the power you'll need

With a modern 12-core Intel Core i9-9920X processor, Nvidia’s RTX 2080 Ti graphics, and 32GB of RAM, the Corsair One Pro is designed to woo creatives who demand more power from Apple’s Mac Pro. Like the Mac Pro, the best part of this PC…
Computing

USB drive issue blocks some PCs from receiving Windows 10 May 2019 update

A USB drive error resulted in some PCs being blocked from receiving the Windows 10 May 2019 update. Microsoft decided to block eligible PCs with USB drives or SD cards attached from getting the update until the error is fixed.
Photography

Free your digital memories, and frame them, with the best photo printers

Printed photos are experiencing a revival at the moment, but you don’t need to go to a special lab. Here’s our favorite options for making quality prints, from pocket-sized printers to wide-format photo printers capable of spitting out…
Cars

Nvidia agrees with Tesla’s take on self-driving cars, but corrects specifics

Nvidia vice president Rob Csongor agreed with broad statements by Elon Musk at Tesla's April 22 Autonomy Investor Day. Csongor then took exception to what he termed were inaccuracies about Nvidia's self-driving car chip.
Computing

Amal and George Clooney want to change the world. Can Microsoft help?

Microsoft and The Clooney Foundation for Justice (CFJ) unveiled the TrialWatch app Thursday morning, a new tool in CFJ’s ongoing TrialWatch effort to shine a light on injustice in courts around the globe – which too often are simply…
Computing

These are the best 13-inch laptops you can buy right now

With so much choice out there, how do you know which are the best 13-inch laptops? They should have beautiful screens, long battery life, and remain light and portable. This is a list of our favorites.
Computing

These gaming monitors will transport you to another dimension

What are the best gaming monitors you can buy right now? We select five that are all priced under $900 packing premium technologies like G-SYNC and FreeSync, high resolutions, and fast refresh rates.
Photography

Luminar Accent A.I. can now recognize faces for more natural instant edits

Want to edit faster? Skylum Luminar's latest update enhances the Accent A.I. to use machine learning for instant enhancements. The tool now recognizes faces for more natural skin tones along with other enhancements.