According to a recent report, the DOTA 2 forum was hacked on Jul. 10, 2016 exposing 1,923,972 entries each containing an e-mail address, an IP address, a username, a password, and more.
The report comes from a new breach notification website called LeakedSource which reads that DOTA 2 forum passwords are stored on Valve’s servers using MD5 hashing which is not the most secure algorithm for hashing a password.
DOTA 2 Forum Hacked
Valve’s MD5 hashing is apparently filled with vulnerabilities that can be reversed using a brute-force attack. When performed by LeakedSource, the website was able to convert about 80% of the hashed passwords into simple text.
Users who are concerned about their credentials on LeakedSource database can head over to this link and remove it from the site’s copy without any difficulty – if it is present there. However, beware of the hackers and change the sensitive information as early as possible!
Lastly, speaking of e-mail services, the report says that a total of 56 e-mail domains were used to register on DOTA forum with Google’s Gmail topping the list with 1,086,139 users followed by Hotmail, Yahoo!, Mail.ru, Sina, Ymail, etc. There are also some disposable e-mail addresses which suggests that those users only created them to access this specific forum only.
So far Valve has not said anything about the matter, but we will make sure to update you as we come across anything!
In related DOTA 2 news, The International 6 regional qualifiers format and schedule have been released. Those of you who are looking forward to follow the entire tournament as it happens can head over to the post for more information.