80% of forum passwords have been cracked

Aug 10, 2016 10:10 GMT

The Dota2 official developers forum was breached, and details for almost 2 million users were stolen following an attack that took place on July 10, 2016, data breach index site LeakedSource reports.

According to the company, which received the data for analysis from an anonymous source, the stolen database contains 1,923,972 forum user records.

For each forum user, LeakedSource says there is a username, an email address, a user identifier, a password, and an IP address.

Passwords hashed using weak algorithm

Uncharacteristically for a company in 2016, the passwords were hashed with the MD5 algorithm and then salted.

Because MD5 is considered a very weak hashing algorithm, LeakedSource said that, at the time it announced the breach, it had managed to crack at least 80 percent of all passwords, reverting them to their plaintext versions.
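
For operators still holding salted MD5 hashes like the ones described above, the usual remediation is to stop relying on a fast hash. The sketch below is an added example, not code from the Dota2 forum, its forum software or LeakedSource: it wraps stored hashes in PBKDF2 right away and replaces them on the next successful login. The md5(md5(password) + salt) layout, the record fields and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune per hardware

def legacy_md5(password: str, salt: str) -> str:
    # Assumed legacy layout: md5(md5(password) + salt), hex-encoded. The article
    # only states that passwords were hashed with MD5 and salted.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def _kdf(secret: str, kdf_salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), kdf_salt, ITERATIONS).hex()

def wrap_legacy(record: dict) -> dict:
    """Harden a stored salted-MD5 record at rest, without knowing the password."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "salt": record["salt"],
            "kdf_salt": kdf_salt.hex(), "hash": _kdf(record["hash"], kdf_salt)}

def verify_and_upgrade(password: str, record: dict) -> tuple[bool, dict]:
    """Check a login; on success return a record that no longer involves MD5."""
    if record["scheme"] == "md5":            # unmigrated row: one fast hash per guess
        candidate = legacy_md5(password, record["salt"])
    elif record["scheme"] == "pbkdf2(md5)":  # wrapped row: slow KDF over the old hash
        candidate = _kdf(legacy_md5(password, record["salt"]),
                         bytes.fromhex(record["kdf_salt"]))
    else:                                    # "pbkdf2": already fully migrated
        candidate = _kdf(password, bytes.fromhex(record["kdf_salt"]))
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    if record["scheme"] != "pbkdf2":         # plaintext is available only at login
        kdf_salt = os.urandom(16)
        record = {"scheme": "pbkdf2", "kdf_salt": kdf_salt.hex(),
                  "hash": _kdf(password, kdf_salt)}
    return True, record

if __name__ == "__main__":
    # Constructed sample row, not data from the breach.
    row = {"scheme": "md5", "salt": "x7Qp", "hash": legacy_md5("hunter2", "x7Qp")}
    row = wrap_legacy(row)
    ok, row = verify_and_upgrade("hunter2", row)
    print(ok, row["scheme"])
```

Wrapping protects only the copy that remains in the database; hashes that have already leaked stay as weak as before, which is why a forced reset still applies to every affected account.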

A simple analysis of the nearly 2 million user records shows that more than half of the users had registered with a Gmail address. LeakedSource also says it found a lot of disposable email addresses on the list.

Game dev acknowledges breach, users will have to reset forum passwords

The Dota2 (Defense of the Ancients 2) dev forum is not the game's official forum, but only the one used by game and app developers. Dota2 is a game developed by Valve. The Dota2 dev forums run on the vBulletin platform.

Forum administrators acknowledged the incident via a thread on the discussion board and said they reset all user account passwords forcibly.

"We have recently been made aware that a vulnerability in the Dota 2 Dev forum software allowed access to the forum database," the Dota2 admins wrote. "The vulnerability has been patched. The database contains email addresses, forum user names, salted forum password hashes, and forum posts."

"The database relates only to the Dota 2 Dev forums at dev.dota2.com, and does not contain any Steam credentials, payment information or any other private information related to your Steam account," they also added.

#    Email Domain     Frequency
1    @gmail.com       1,086,139
2    @hotmail.com     173,184
3    @yahoo.com       44,706
4    @mail.ru         26,862
5    @outlook.com     24,335
6    @sina.com        22,880
7    @ymail.com       13,802
8    @cmail.com       12,957
9    @aol.com         12,906
10   @msn.com         9,341