Skip to main content

The 'Dota 2' forum was hacked in July, and we're just now hearing about it

If you’re a member of the Dota 2 forum connected to the popular multiplayer online game, now would probably be a good time to change your password for the site and possibly for other online services as well. A new breach notification site called LeakedSource reports that the forum was hacked on July 10, 2016, exposing 1,923,972 records, each containing an email address, an IP address, a username, a user identifier, and a password.

According to the report, the forum’s passwords are stored on Valve Software’s servers using MD5 hashing and a salt, the latter of which is random data injected as an additional input into the password to help “scramble” the information. However, the outdated MD5 isn’t exactly the most secure algorithm for hashing a password, as it’s notably filled with vulnerabilities and can be reversed by a brute-force attack. LeakedSource said it managed to convert over 80 percent of the hashed passwords to their plain text values.

Recommended Videos

“It’s a fast and memory-conserving algorithm,” stated a response in a Stack Exchange thread a few years ago. “That means an attacker can compute the hash of a large number of passwords per second. Using specialized hardware (like FPGA arrays or ASICs) worth a few thousand dollars you can compute the hashes of all possible 8-character passwords for a given salt in mere hours.”

On the email front, the report reveals a list of 56 email domains that were used to register for the Dota 2 forum. The top 10 include Gmail with 1,086,139 users, followed by Hotmail, Yahoo, Mail.ru, Outlook, Sina, Ymail, Cmail, AOL, and MSN. The report adds that the list also includes quite a few disposable emails, meaning they’re simply temporary and likely used only for this specific forum.

Additional reports point to Valve Software’s use of an older version of the vBulletin software used to run the forum. Evidently, there’s an SQL injection vulnerability in the platform, allowing hackers to inject SQL statements into an entry field to execute a command, such as to dump the forum’s database contents into one large file to download. SQL is a programming language used to manage data in a database management system.

Dota 2 players worried about hackers gaining access to their account credentials can search LeakedSource’s database by heading here. If by chance your information is indeed in the Dota 2 data pool, or in any other leaked database in possession by LeakedSource, you can remove this sensitive info from the site’s copy for free. However, your information will still be in the hands of hackers.

The first report provided by LeakedSource appears to be March 30 of this year, stating that Mate1.com was hacked in October 2015. LeakedSource obtained a copy of the site’s database containing 27,403,958 accounts. Passwords were reportedly stored in plain, visible text, revealing that the site wasn’t using any type of encryption to protect user accounts. The most used password was “123456” followed by “123456789” and “123.” Seriously?

So far Valve Software has not issued a statement regarding LeakedSource’s report of the July Dota 2 forum hack.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Don’t miss this chance to buy a MacBook Air at $200 off
The MacBook Air on a table in front of a window.

For those who have always wanted to get one of Apple's MacBooks but can't stomach the price tag, here's your chance to buy one for a relatively affordable price. Best Buy has slashed the price of the 13-inch Apple MacBook Air M3 to only $699, for savings of $200 on its sticker price of $899. You need to act fast though, as there's always high demand for MacBook deals. The stocks that are up for sale may already be gone as soon as tomorrow.

Why you should buy the 13-inch Apple MacBook Air M3

Read more
This HP Chromebook is under half-price today — just $190
The HP Chromebook 14 laptop on a white background.

You should turn your attention towards Chromebook deals if you want to buy a new laptop on a tight budget, and we've found an offer that you won't want to miss. From its original price of $410, the HP Chromebook 14 is down to just $190 for savings of $220 from Walmart. You won't always have the chance to get this device for less than half-price though -- in fact, the opportunity may be gone as soon as tomorrow. If you want to take advantage of the discount, you need to buy the Chromebook right now.

Why you should buy the HP Chromebook 14

Read more
Avast’s most complete antivirus plan is 70% off right now
Couple making selfie inside car with open window.

Avast has been popping off with incredible deals this month. The antivirus company recently offered 70% off its Premium tier of virus protection. For the next 30 days, Avast is extending that offer to its Ultimate tier of protection. That means you can protect one device with Avast Ultimate for $33 for a year, down from its usual $110. If you want to cover 10 devices, you'll only pay $42 instead of $140.

Let's dive into what Avast Ultimate offers and why you might want it over the free tier or the Premium plan. This deal is live now, and will stick around for the next four weeks.

Read more