Roughly two million users have had their personal details stolen after the official Dota 2 forum was hacked a month ago.
Dota 2 is a free multiplayer online battle arena video game developed by Valve.
News about the hack emerged on Leaked Source, a search engine for leaked information, which claims to have managed to grab the dataset and have a look at it. According to the hacked accounts database, the dataset included 1,923,972 records, each of them representing an affected account.
Moreover, the site claims that each of the leaked records includes an email address, an IP address, a username, a user identifier, and one password.
The leaked passwords were reportedly stored using MD5 hashing and a salt. Because this method of storing passwords was deemed insecure about a decade ago, cracking it was easy, and Leaked Source claims that it was already able to convert 80% of the leaked passwords to their plaintext values.
When it comes to the email addresses that the account owners used to register on the forums, Gmail addresses were the most popular, at 1,086,139 occurrences. Hotmail (173,184) and Yahoo (44,706) followed, while mail.ru (26,862) and outlook.com (24,335) rounded up top 5. Apparently, tens of thousands of the used emails addresses are disposable ones.
The forums of popular online games have been the target of choice for hackers for years, the most recent examples being the Lifeboat Minecraft community. Following a data breach in early 2016, 7 million members of the community have had their personal information exposed.
A large number of high-profile data breaches has emerged over the past several months, affecting hundreds of millions of accounts. These breaches impacted 167 million LinkedIn user accounts, 360 million Myspace accounts, 65 million Tumblr accounts, 170 million VK accounts, and 45 million users with accounts on the 1,100 websites and forums hosted by VerticalScope.