Dota 2 Forum Breach Leaks 2 Million User Accounts

Reader writes: In another case of serious programmer impairment, the DOTA 2 official forums have been hacked, making available to the perpetrators around 2 million emails, usernames, and MD5 hashed passwords. […] From the report: The hack was carried out last month on July 10. The copy of the leaked database was provided to breach notification site, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data. The hacker took advantage of an SQL injection vulnerability used by the older vBulletin forum software, which powers the community. That allowed them to access the database of limited user data, such as username, email, IP address of the user. The data also includes the user’s hashed password — which uses the MD5 algorithm, which is widely considered insecure by today’s standards, alongside the salt, used to scramble the password further. A member of the LeakedSource group told me that 1.54 million of the passwords — or about 80 percent — have already been unscrambled using rudimentary and run-of-the-mill cracking tools.

Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *