Home / Software & Service News / ‘DOTA 2’ forum hack spills almost two million passwords

‘DOTA 2’ forum hack spills almost two million passwords

The website LeakedSource has revealed that a forum tied to the game DOTA 2 was hacked on July 10th, 2016. Attackers were able to make off with almost two million records, including usernames, email addresses, passwords and IPs. You can check if your personal details are amongst LeakedSource’s records by heading over to the site and searching for your own name. Users will be able to request that their details are removed from the list using its automatic deletion tool as well.

It appears that Valve’s questionable security procedures are to blame, since the firm used MD5 hashing and a salt. In layman’s terms, it’s a quick and simple method of hiding data, but not one that should be used to store people’s private information. As this StackExchange thread from 2014 explains, a sufficiently-motivated hacker with decent hardware would be able to crack “the hashes of all possible 8-character passwords for a given salt in mere hours.” That’s why around 80 percent of the forum’s database was converted to plain text so easily.

We’ve reached out to Valve for any comment on the situation, but don’t expect to hear back from the notoriously-private company. In the meantime, it’s best to make sure that none of your passwords are shared with any other sites or services and keep your eye on Have I Been Pwned.

Via: ZDNet, PC Gamer

Source: LeakedSource

Click Here For Original Source Of The Article

About Ms. A. C. Kennedy

Ms. A. C. Kennedy
My name is Ms A C Kennedy and I am a Health practitioner and Consultant by day and a serial blogger by night. I luv family, life and learning new things. I especially luv learning how to improve my business. I also luv helping and sharing my information with others. Don't forget to ask me anything!

Check Also

Windows 10 included password manager with huge security hole

There's a good reason why security analysts get nervous about bundled third-party software: it can introduce vulnerabilities that the companies can't control. And Microsoft, unfortunately, has learned that the hard way. Google researcher Tavis Ormandy discovered that a Windows 10 image came bundled with a third-party password manager, Keeper, which came with a glaring browser plugin flaw -- a malicious website could steal passwords. Ormandy's copy was an MSDN image meant for developers, but Reddit users noted that they received the vulnerable copy of Keeper after clean reinstalls of regular copies and even a brand new laptop.

A Microsoft spokesperson told Ars Technica that the Keeper team had patched the exploit (in response to Ormandy's private disclosure), so it shouldn't be an issue if your software is up to date. Also, you were only exposed if you enabled the plugin.

However, the very existence of the hole has still raised a concern: are Microsoft's security tests as thorough for third-party apps as its own software? The company has declined to comment, but that kind of screening may prove crucial if Microsoft is going to maintain the trust of Windows users. It doesn't matter how secure Microsoft's code is if a bundled app undermines everything.

Source: Monorail, Tavis Ormandy (Twitter)