Skip to main content

The 'Dota 2' forum was hacked in July, and we're just now hearing about it

Dota 2 3
Image used with permission by copyright holder
If you’re a member of the Dota 2 forum connected to the popular multiplayer online game, now would probably be a good time to change your password for the site and possibly for other online services as well. A new breach notification site called LeakedSource reports that the forum was hacked on July 10, 2016, exposing 1,923,972 records, each containing an email address, an IP address, a username, a user identifier, and a password.

According to the report, the forum’s passwords are stored on Valve Software’s servers using MD5 hashing and a salt, the latter of which is random data injected as an additional input into the password to help “scramble” the information. However, the outdated MD5 isn’t exactly the most secure algorithm for hashing a password, as it’s notably filled with vulnerabilities and can be reversed by a brute-force attack. LeakedSource said it managed to convert over 80 percent of the hashed passwords to their plain text values.

Recommended Videos

“It’s a fast and memory-conserving algorithm,” stated a response in a Stack Exchange thread a few years ago. “That means an attacker can compute the hash of a large number of passwords per second. Using specialized hardware (like FPGA arrays or ASICs) worth a few thousand dollars you can compute the hashes of all possible 8-character passwords for a given salt in mere hours.”

Please enable Javascript to view this content

On the email front, the report reveals a list of 56 email domains that were used to register for the Dota 2 forum. The top 10 include Gmail with 1,086,139 users, followed by Hotmail, Yahoo, Mail.ru, Outlook, Sina, Ymail, Cmail, AOL, and MSN. The report adds that the list also includes quite a few disposable emails, meaning they’re simply temporary and likely used only for this specific forum.

Additional reports point to Valve Software’s use of an older version of the vBulletin software used to run the forum. Evidently, there’s an SQL injection vulnerability in the platform, allowing hackers to inject SQL statements into an entry field to execute a command, such as to dump the forum’s database contents into one large file to download. SQL is a programming language used to manage data in a database management system.

Dota 2 players worried about hackers gaining access to their account credentials can search LeakedSource’s database by heading here. If by chance your information is indeed in the Dota 2 data pool, or in any other leaked database in possession by LeakedSource, you can remove this sensitive info from the site’s copy for free. However, your information will still be in the hands of hackers.

The first report provided by LeakedSource appears to be March 30 of this year, stating that Mate1.com was hacked in October 2015. LeakedSource obtained a copy of the site’s database containing 27,403,958 accounts. Passwords were reportedly stored in plain, visible text, revealing that the site wasn’t using any type of encryption to protect user accounts. The most used password was “123456” followed by “123456789” and “123.” Seriously?

So far Valve Software has not issued a statement regarding LeakedSource’s report of the July Dota 2 forum hack.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Lenovo Legion Go S vs. Steam Deck OLED: here’s what we know so far
The Lenovo Legion Go S with SteamOS installed.

 

Lenovo's Legion Go 2 was one of the worst-kept secrets for CES 2025, but now we don't need to pretend anymore, as we've not only seen it in the flesh, but we've had some hands-on time with it too, and we're very excited. With an upgraded display, processor, and newly affordable price tag, the Legion Go S is gunning for the Steam Deck's crown. Most importantly, it'll likely be the first dedicated SteamOS handheld available outside of the Steam Deck -- although SteamOS will be more widely available in general too.

Read more
This Chromebook is ideal for school, and it’s just $160
The Gateway 14-inch full HD Chromebook on a white background.

Target may not be the first place you think of when it comes to Chromebook deals, but you should certainly check it out today. Currently, you can buy a Gateway 14-inch full HD Chromebook for just $160 from the popular retailer. Normally selling for $250, there’s a considerable $90 saving here, which makes now the time to buy. This Chromebook is ideal for anyone who wants to keep costs super low. We’re here to tell you why it’s one of the best laptop deals for anyone on a tight budget.

Why you should buy the Gateway 14-inch full HD Chromebook
Gateway isn’t a name you’ll see among the best laptop brands, but it is a reputable one. Focused on budget offerings, it’s maybe not one that you’d want to invest in for years to come, but it’s a viable options for an inexpensive Chromebook to tide you over. That’s kind of the thinking with this Gateway 14-inch full HD Chromebook. Sure, it won’t offer an all encompassing Windows-esque experience, but it’s perfect if you just need something simple to type up some essays, browse online, or do other simple tasks.

Read more
These 3 monitors trends dominated CES — and surprised everyone
3 monitor trends dominated ces 2025 lg 5k2k oled 02

I looked at a lot of monitors this week at CES. And I mean a lot. LG, Samsung, Asus, Acer, Lenovo, Dell -- they all brought new monitors at the show this year, some of which look like some of the best monitors you'll be able to buy.

But in looking at the best monitors of CES 2025, I saw three clear trends emerging from the releases, and they're going to be a big deal as the year goes on.
OLED goes beyond gaming

Read more