While 16 teams were battling for a spot at The International, a hacker made off with 1.9m account details from a Dota 2 discussion forum.
The official forum, dev.dota2.com, was attacked on 10th July and LeakedSource was sent a copy of the compromised data earlier this week. It’s important to note that this forum is not automatically linked to your Dota 2 game profile or Steam profile in any way.
From what we can gather from a report by ZDNet, the hacker exploited a SQL injection vulnerability in the vBulletin software which the forum uses.
While the information the attacker made off with was limited, it isn’t all that limited.
The data set contains user names, IP addresses, and a password.
While the passwords were hashed this was done with an MD5 algorithm and a salt which further scrambled the password. At this stage however, LeakedSource has converted 80% of the passwords into plain text.
Dota 2 players have strange email accounts
Combing throw the data, LeakedSource discovered a few oddities in the emails used by dev.dota2.com users.
While you’ll find the usual suspects such as Gmail and Hotmail but as you go down the list some strange domains start appearing.
The domain, @whiskey.gamma.coayako.top was used for 3745 accounts. Guccibagshere.com popped up 3 724 times and our favourite, niketexanshome.com was used 3 415.
We’re almost certain that these are email addresses used by something like a bot and was simply caught in the net the hacker dragged through the forum’s servers.
If you have an account for the official forum we recommend changing your password immediately and as user, Manny Calavera so eloquently put it, “And for pete’s sake, if your forum account shares a password with your e-mail, change your e-mail password as well.”[Via – ZDNet][Image – Dota 2]