Overclock.net › Forums › Industry News › Software News › [NextPowerUP] DOTA 2 Forum Hacked, 2 Million Passwords Stolen
New Posts  All Forums:Forum Nav:

[NextPowerUP] DOTA 2 Forum Hacked, 2 Million Passwords Stolen

post #1 of 7
Thread Starter 
Quote:
The official forum for Valve's DOTA 2 was hacked in July and information belonging to around 2 million users was stolen. LeakedSource reports the attackers stole passwords, email addresses, IPs, and usernames. You can search for your info to see if it was included here.

Valve is remaining quiet and it appears the company's method of security is to blame for much of the damage. Passwords were secured with MD5 hashing and a salt, which is far from ideal for protecting private data.

Around 1.54 million passwords (80%) were reportedly turned into plain text with ease.

Source.
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 1060 6 GB Gaming X 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 2TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 1060 6 GB Gaming X 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 2TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
post #2 of 7
And thats why LoL is better than DOTA! =P i kid i kid.
Zev's Comp
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-2500K Sandy Bridge 3.3GHz GIGABYTE GA-Z68X-UD3H-B3 LGA 1155 Intel Z68 HDM... GeForce GTX 750 Ti G.SKILL Ripjaws X Series 8GB 
Hard DriveHard DriveHard DrivePower
1TB HDD 64GB SSD (Used for SRT) 500 GB. Antec BP550 Plus 550W Continuous Power ATX12V V... 
Case
COOLER MASTER ELITE 335 RC-335-KKN1-GP Black S... 
  hide details  
Reply
Zev's Comp
(15 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5-2500K Sandy Bridge 3.3GHz GIGABYTE GA-Z68X-UD3H-B3 LGA 1155 Intel Z68 HDM... GeForce GTX 750 Ti G.SKILL Ripjaws X Series 8GB 
Hard DriveHard DriveHard DrivePower
1TB HDD 64GB SSD (Used for SRT) 500 GB. Antec BP550 Plus 550W Continuous Power ATX12V V... 
Case
COOLER MASTER ELITE 335 RC-335-KKN1-GP Black S... 
  hide details  
Reply
post #3 of 7
Hmm...is it that easy to "reverse hash" MD5 + salt today?


EDIT: a quick search seems to indicate that the MD5 sums of the most common phrases are available in databases.
Edited by f1LL - 8/10/16 at 9:43am
PC
(19 items)
 
  
CPUMotherboardGraphicsRAM
Ryzen 7 1700 Crosshair VI Hero GTX970 @1492MHz F4-3200C14-8GFX 
Hard DriveHard DriveHard DriveOptical Drive
Crucial MX200 Samsung 850 Evo a few HDD's LG BluRay BH16NS40 
CoolingOSOSMonitor
Noctua NH-D15 Windows 10 Pro Arch Linux LG W2442PA 
MonitorKeyboardPowerCase
Viewsonic XG2401 Cherry MX-Board 3.0 Corsair RM850i Fractal Define R5 
MouseMouse PadAudio
Logitech G403 Roccat Taito OnBoard + Focusrite Scarlett 18i8 
  hide details  
Reply
PC
(19 items)
 
  
CPUMotherboardGraphicsRAM
Ryzen 7 1700 Crosshair VI Hero GTX970 @1492MHz F4-3200C14-8GFX 
Hard DriveHard DriveHard DriveOptical Drive
Crucial MX200 Samsung 850 Evo a few HDD's LG BluRay BH16NS40 
CoolingOSOSMonitor
Noctua NH-D15 Windows 10 Pro Arch Linux LG W2442PA 
MonitorKeyboardPowerCase
Viewsonic XG2401 Cherry MX-Board 3.0 Corsair RM850i Fractal Define R5 
MouseMouse PadAudio
Logitech G403 Roccat Taito OnBoard + Focusrite Scarlett 18i8 
  hide details  
Reply
post #4 of 7
How could Steam not address this if its true? Did anyone on here (as a member of that forum) get a forced password reset by chance?

That email search site is nifty though.
post #5 of 7
Quote:
Originally Posted by Faster_is_better View Post

How could Steam not address this if its true? Did anyone on here (as a member of that forum) get a forced password reset by chance?

That email search site is nifty though.


I did.
Quote:
noreply@valvesoftware.com
1:03 AM (11 hours ago)

to me
***********@gmail.com,

We have recently been made aware that a vulnerability in the Dota 2 Dev forum software allowed access to the forum database. The vulnerability has been patched. The database contains email addresses, forum user names, salted forum password hashes, and forum posts.

The database relates only to the Dota 2 Dev forums at dev.dota2.com, and does not contain any Steam credentials, payment information or any other private information related to your Steam account.

We have reset the passwords for all forum user accounts. If you used your forum password for other online services, we recommend you change those passwords as well.

If you would like to log in to make a forum post, you'll need to choose a new password.
Lil' Roy Taylor
(11 items)
 
  
Reply
Lil' Roy Taylor
(11 items)
 
  
Reply
post #6 of 7
Quote:
Originally Posted by f1LL View Post

Hmm...is it that easy to "reverse hash" MD5 + salt today?


EDIT: a quick search seems to indicate that the MD5 sums of the most common phrases are available in databases.


No way. There's has to be more to this story than what we are reading. You know that.

IMHO most people don't even know what your saying? Salt on french fries is good, salt on pw's even better. biggrin.gif
MyCleanPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 4770k ASUS MAXIMUS VI EVGA master blaster Corsair Vengence  
Hard DriveOptical DriveOSMonitor
OCZ SSD raid0 samsung Win 7 Samsung 
PowerCase
Enermax rev 1050 Stacker 832 
  hide details  
Reply
MyCleanPC
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 4770k ASUS MAXIMUS VI EVGA master blaster Corsair Vengence  
Hard DriveOptical DriveOSMonitor
OCZ SSD raid0 samsung Win 7 Samsung 
PowerCase
Enermax rev 1050 Stacker 832 
  hide details  
Reply
post #7 of 7
i got a warning about that website for checking if your pass was stolen... came up as being an untrustworthy website.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [NextPowerUP] DOTA 2 Forum Hacked, 2 Million Passwords Stolen