On the 10th July, the Dota 2 forum was reportedly compromised with almost 2 million user credentials taken by the hackers. Email addresses, usernames, passwords and IP addresses were all in the data breach.
The passwords taken from the vBulletin based forum, which was an old version of the popular forum software, were stored using MD5 hashing and a salt. MD5 hashing has long been cracked and breach notification site LeakedSource reports that 80% of the passwords have been able to be decrypted to their plaintext values, due to the outdated data protection.
There has been no official announcement from Valve regarding the data breach at this time.
Steps you should think about taking to secure yourself on Dota 2 Forums and other sites
- Head over to the Dota 2 forums and reset your password,
- If you use the same email/username and password combination on other sites, update your password there as well.
- Where possible, also consider enabling 2 Factor Authentication.
- If you have trouble remembering passwords or creating secure passwords, we also recommend considering services like LastPass.
- Check whether your email address’ has been part of a previous data breach at haveibeenpwned.com and LeakedSource.