An official forum for Dota 2, the popular multiplayer online battle arena (MOBA) video game, has been breached by a hacker who was able to steal nearly two million records including email addresses, usernames, passwords and IP addresses.
Breach notification website LeakedSource was able to obtain a copy of the hacked database and has revealed that it held records on 1,923,972 users in total. On its website, LeakedSource claims the hack occurred on 10 July this year.
The compromised passwords were hashed and salted with the MD5 algorithm; however, by modern computing standards, this is easily broken. Indeed, LeakedSource claims to have cracked 80% of the credentials in the data dump into plaintext. Most of the records were signed up with Gmail addresses (1,086,139), but other popular email services included Hotmail (173,184) and Yahoo (44,706).
A number of the email addresses appear to be throwaway accounts, with domains like @e-mail.org, @gotmail.org and @qq.com. LeakedSource said: "The usernames attached to them may still be used but they didn't want to provide their real email for some reason. Or [they] could just be spam accounts."
The breach has since been confirmed by a forum administrator, who explained that "a vulnerability in the Dota 2 Dev forum software" gave hackers access to the forum's database. The admin added that the problem has now been patched. "The database contains email addresses, forum user names, salted forum password hashes, and forum posts," the admin, using the name DanielJ, explained in a post.
"The database relates only to the Dota 2 Dev forums at dev.dota2.com, and does not contain any Steam credentials, payment information or any other private information related to your Steam account. We have reset the passwords for all forum user accounts. If you used your forum password for other online services, we recommend you change those passwords as well."