Change Your Pa55word: Dota 2 Forums Hacked

This is what hackers REALLY look like

All right folks, you know the drill. The forums of Dota 2’s official website have been hacked, compromising details from almost 2 million user accounts, including usernames, emails and passwords. A database of 1,923,972 records has been exposed, according to Leaked Source, a search engine that lets internet users see if their details have been leaked. So get those keyboards ready, it’s time for a password change!

The passwords for each account were “encrypted” using MD5 hashing. But if you listen carefully you can hear cryptography experts laughing harshly in the distance. That’s because MD5 is famously weak, and Leaked Source say that they were able to convert 80% of these to plain text. So if you have signed up to the forums, even if you don’t frequent them anymore, you should get out those random number generators and create a new password. And if you do find yourself in Leaked Source’s search engine, don’t forget to remove yourself from that database as well. It’s also important to note that the forums are separate from Steam itself, so you’ve only got a problem with your Steam account if you use the same password for both. Something you should never do, you naughty person.
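For site operators sitting on the same kind of table, here is an added example (not code from the Dota 2 forums or from Leaked Source) of moving stored MD5 password hashes to salted scrypt the next time each user logs in. It assumes the legacy column holds a single unsalted MD5 hex digest, which the article does not confirm; the function names, record layout and cost parameters are all hypothetical.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values; tune them to your own hardware).
N, R, P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024

def legacy_md5(password: str) -> str:
    """The weak scheme: one fast MD5 pass, no salt (assumed legacy layout)."""
    return hashlib.md5(password.encode()).hexdigest()

def _scrypt(password: str, salt: bytes) -> str:
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                          maxmem=MAXMEM, dklen=32).hex()

def scrypt_record(password: str) -> str:
    """Slow, memory-hard hash with a fresh per-user salt: 'scrypt$salt$hash'."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt)}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record format in constant time."""
    if record.startswith("scrypt$"):
        _, salt_hex, want = record.split("$")
        return hmac.compare_digest(_scrypt(password, bytes.fromhex(salt_hex)), want)
    return hmac.compare_digest(legacy_md5(password), record)

def login(db: dict, user: str, password: str) -> bool:
    """Authenticate, then replace a legacy MD5 record with a scrypt one."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("scrypt$"):
        db[user] = scrypt_record(password)  # plaintext is only available now
    return True

def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    pw = "constructed-example-pw"
    db = {"alice": legacy_md5(pw), "bob": legacy_md5(pw)}
    same_before = db["alice"] == db["bob"]   # unsalted MD5: identical rows
    login(db, "alice", pw)
    login(db, "bob", pw)
    return {"same_before": same_before, "same_after": db["alice"] == db["bob"], "db": db}

if __name__ == "__main__":
    print(demo())
```

Accounts that never log in again keep their MD5 record, so a real migration also needs a cut-off date after which remaining legacy hashes are invalidated and those users go through a password reset.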

The hack itself happened on July 10. Most of the compromised email addresses are from Gmail (over 1 million of them), with Hotmail and Yahoo following far behind. But there are also a lot of disposable emails included in the line-up, which suggests that a chunk of those 2 million accounts are made up of the usual chaff that lurks on the internet – bots, throwaway logins, ghosts, etc. But this is still part of the growing trend for hackers to go after games websites for information. DayZ, Origin, Kickstarter and Twitch have all been victims of hackers, to varying degrees. And these aren’t your Elliots or your Zero Cools. These are the other kind. The kind that look like this.

6 Comments

  1. Xiyng says:

    Anyone still using MD5 for hashing passwords should be severely punished, even if they are the victim of a hack. The same goes for storing plaintext passwords, but the punishment should be much, much more severe. There’s just no excuse for either of those two cases.

  2. Radiant says:

    I dunno what an MC5 or a plainrice password is but I’m FURIOUS that Caldwell has revealed my password in the header of this article.