HACKERS HAVE BREACHED the forum for popular online multiplayer game Dota 2 and made off with almost two million records.
News of the hack, which apparently took place on 10 July, comes via a LeakedSource blog post, which revealed that attackers got their mitts on 1,923,972 records including usernames, email addresses, passwords and IP addresses.
If you're a member of the Dota 2 forum, you can go to the LeakedSource homepage to see if your details were grabbed in the hack. You can also request that your details are removed from the list using an automatic deletion tool.
The blog post said that more than half of hacked users logged into the forum using a Gmail address, but that "there are a lot of disposable emails present in the list".
LeakedSource seems to credit the attack to Valve's poor security procedures, as user passwords were stored using MD5 hashing and a salt.
MD5 hashing is widely considered an outdated and ineffective form of data protection, and LeakedSource claimed that it was able to convert over 80 per cent of the hacked passwords to their plaintext value.
Valve has yet to return our request for comment, but a post on Reddit said that the company has emailed users to make them aware of the breach and that a since-patched vulnerability was to blame.
"We have recently been made aware that a vulnerability in the Dota 2 Dev forum software allowed access to the forum database. The vulnerability has been patched. The database contains email addresses, forum user names, salted forum password hashes and forum posts," the email reads.
"The database relates only to the Dota 2 Dev forums at dev.dota2.com, and does not contain any Steam credentials, payment information or any other private information related to your Steam account.
"We have reset the passwords for all forum user accounts. If you used your forum password for other online services, we recommend you change those passwords as well." µ
Now you can watch documentaries about horribly disfigured people whenever you like
Brad to the bone
Being in a minority of one doesn't make you right
WeWork needs a rework