Yup, here we go again – another reminder that you should never use the same password for different accounts and pages. But let’s start at the beginning.
LeakedSource, a relatively well-known website that lets users find out whether their data is available online as the result of some kind of breach, announced on their blog that the official Dota 2 forums were hacked on July 10th. According to them the stolen data contain “1,923,972 records. Each record contains an email address, ip address, username, user identifier, and one password.”
The even bigger issue, though, is that Valve, the company behind products and titles such as Steam, Half-Life, Team Fortress and Counter-Strike, stored said data using only the MD5 algorithm (a security method that is not … well, let’s be kind and say ‘the best’) and a salt. This allowed 80% of the data to be converted to their plain text values already. Yes, you’ve read that right. 80%!
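For site operators, the fix for the storage scheme described above is to move stored passwords from salted MD5 to a deliberately slow, memory-hard function. The sketch below is an added example, not code from Valve or the forum software: it assumes a legacy layout of MD5 over salt + password (the article does not give the exact construction), uses illustrative scrypt parameters, and re-hashes each account at its next successful login.

```python
import hashlib
import hmac
import os

# Assumed legacy layout: hex MD5 over salt + password. The article does not
# state the forum's exact construction, so this format is illustrative only.
def legacy_md5_hash(password: str, salt: bytes) -> str:
    return hashlib.md5(salt + password.encode()).hexdigest()

# scrypt cost parameters (chosen for this example; tune to your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def scrypt_hash(password: str, salt: bytes) -> str:
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT).hex()

def scrypt_record(password: str) -> dict:
    salt = os.urandom(16)  # fresh random salt for every account
    return {"scheme": "scrypt", "salt": salt, "hash": scrypt_hash(password, salt)}

def verify_and_upgrade(record: dict, password: str) -> tuple:
    """Check a login attempt; on success return (True, scrypt record)."""
    if record["scheme"] == "md5":
        candidate = legacy_md5_hash(password, record["salt"])
    else:
        candidate = scrypt_hash(password, record["salt"])
    # Constant-time comparison avoids leaking where the first mismatch is.
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    if record["scheme"] == "md5":
        # The plaintext is only available at login, so upgrade the record now.
        record = scrypt_record(password)
    return True, record

def demo() -> dict:
    # Constructed sample account, stored the legacy way.
    salt = b"abc"
    old = {"scheme": "md5", "salt": salt,
           "hash": legacy_md5_hash("hunter2!", salt)}
    ok, upgraded = verify_and_upgrade(old, "hunter2!")
    bad, untouched = verify_and_upgrade(old, "wrong-guess")
    ok_again, _ = verify_and_upgrade(upgraded, "hunter2!")
    return {"ok": ok, "new_scheme": upgraded["scheme"], "bad": bad,
            "old_scheme_after_failure": untouched["scheme"],
            "ok_after_upgrade": ok_again}

if __name__ == "__main__":
    print(demo())
```

Accounts that never log in again keep their MD5 hash, which is why a forced reset like the one the forum performed is still needed after a breach.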
According to a Dota 2 forum admin a “vulnerability in the Dota 2 Dev forum software allowed access to the forum database”. The vulnerability has since been patched and the passwords for all forum user accounts were reset.
He also states that “the database relates only to the Dota 2 Dev forums at dev.dota2.com, and does not contain any Steam credentials, payment information or any other private information related to your Steam account”.
So far, so good.
Now, Defense of the Ancients 2 is a very, very, very popular multiplayer online battle arena (short: MOBA) game by Valve. It’s one of the eSport titles and – as you can see – it also has a huge and active community. The game itself sports around 13 million players, who spend a lot of time honing their skills and improving their rankings. Basically, they sink a lot of time and effort into their accounts.
What would happen if only half of the forum players used the same login data for their Dota 2 game accounts? Or worse: their Steam accounts, which might hold hundreds of PC games worth hundreds of dollars? Considering how lazy a lot of people are, it would probably take no one by surprise if this actually was the case.
Which brings us full circle with the reminder at the beginning of this article: change your passwords and never use the same one for different accounts and pages.