
Damage dealer: Breach of Dota 2 gaming forum exposes 1.9 million accounts

While players of Valve Corporation's online battle arena game Dota 2 were busy fighting each other for supremacy, a real-life adversary recently pulled off his own conquest, stealing 1,923,972 account records from the official Dota 2 forum's database.

In an Aug. 9 blog post, data breach notification site LeakedSource.com divulged the hack, which occurred on July 10. Each pilfered record included an email address, IP address, username, user identifier and password. Although passwords were hashed and salted, the hashing was weak, allowing LeakedSource.com to crack over 80 percent of them.

"Unfortunately, this yet again demonstrates that 'good enough' is not good enough when it comes to security. Data persists, so even if you've taken steps to protect that information, hackers may have the tools to negate these defenses six months, one year or three years down the line," said Jacob Ginsberg, senior director at email encryption software company Echoworx, in comments emailed to SCMagazine.com. "Simple hashing of passwords isn't enough – using strong encryption should be a prerequisite for any organization handling account information."

ZDNet has reported that the attacker leveraged a SQL injection vulnerability in the software that runs the affected forum. Forum software developer vBulletin Solutions stated in an Aug. 9 post that the vulnerability was patched, user account passwords were reset, and no payment information or gaming credentials were stolen.

The vast majority of compromised forum accounts – nearly 1.1 million – were registered via Gmail.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
