The Dota2 developer forum has suffered a massive security breach in which the personal information of nearly 2 million registered users has been stolen!
The official developer forum of Dota2 (Defense of the Ancients 2), a multiplayer online battle arena video game, suffered a massive data breach in which the personal data of 1,923,972 users was stolen.
The data breach took place on July 10th, 2016. Emails, IP addresses, usernames, user identifiers and hashed passwords were accessed and stolen, and the data was delivered to LeakedSource by an unknown sender on August 9th, 2016.
According to its blog post, the data mining company LeakedSource stated that passwords were stored using MD5 hashing and a salt. The researchers were able to convert over 80% of them to their plaintext forms.
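A salt stops precomputed tables from working, but MD5 is so fast to compute that guessing each salted hash individually is still cheap, which is why so many of the hashes could be recovered. The following is an added example, not code from the forum software or from LeakedSource: it shows a memory-hard scrypt record replacing a salted MD5 record at the next successful login. The record layouts, the `md5(salt + password)` order and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them per server.
N, R, P = 2**14, 8, 1


def legacy_md5_hash(password, salt):
    """Assumed legacy record: 'md5$<salt>$<hex md5(salt + password)>'."""
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return f"md5${salt}${digest}"


def scrypt_hash(password, salt=b""):
    """Memory-hard record: 'scrypt$<salt hex>$<key hex>' (fresh salt if none)."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify(password, stored):
    """Check a password against either record format."""
    try:
        scheme, salt, _ = stored.split("$")
        if scheme == "md5":
            candidate = legacy_md5_hash(password, salt)
        elif scheme == "scrypt":
            candidate = scrypt_hash(password, bytes.fromhex(salt))
        else:
            return False
    except ValueError:  # malformed record or non-hex salt
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def login(password, stored):
    """Return (authenticated, record_to_store); upgrade legacy records."""
    if not verify(password, stored):
        return False, stored
    if stored.startswith("md5$"):
        # The plaintext is only available now, so re-hash it with scrypt.
        return True, scrypt_hash(password)
    return True, stored
```

Accounts that never log in again keep their MD5 record under this scheme, so a forced password reset for all accounts is still needed after a breach.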
The Dota2 developers have acknowledged the hack and reset the passwords for all forum user accounts. The security notice clarifies that users’ payment and Steam credentials were not stolen, but it warns users to change their passwords on other sites if they have been using the same password there.
“We have recently been made aware that a vulnerability in the Dota 2 Dev forum software allowed access to the forum database. The vulnerability has been patched. The database contains email addresses, forum usernames, salted forum password hashes, and forum posts. The database relates only to the Dota 2 Dev forums at dev.dota2.com and does not contain any Steam credentials, payment information or any other private information related to your Steam account. We have reset the passwords for all forum user accounts. If you used your forum password for other online services, we recommend you change those passwords as well.”
How was the Dota2 forum breached?
Based on the time between the breach and the password reset by the Dota2 developers, it is clear that forum administrators were clueless about the breach. A thread on Reddit, however, states the dev forum was breached as a result of an SQL injection.
Is your account among the stolen data?
If you have an account on the Dota2 dev forum, it is highly recommended to change your password asap and check on LeakedSource for your credentials right now. If you are using the same password on other accounts, change it right now before you lose access to them as well. There are 1,086,139 @gmail.com accounts, 173,184 @hotmail.com accounts and 44,706 @yahoo.com accounts among the stolen data.
Here is a list of top 20 email domains among the stolen data:
The latest breach shows there is no stop to such attacks and that the gaming industry is one of the most vulnerable targets for hackers. Just a couple of weeks ago the Clash of Kings forum suffered a data breach in which the user accounts of 1.6 million gamers were stolen. Before that, Lifeboat, a platform that lets gamers run servers for playing customized and multiplayer versions of Minecraft, was hacked and the login details of seven million users were stolen.