'DOTA 2' forum hack spills almost two million passwords

Another reminder not to share your passwords between sites and services.

The website LeakedSource has revealed that a forum tied to the game DOTA 2 was hacked on July 10th, 2016. Attackers were able to make off with almost two million records, including usernames, email addresses, passwords and IPs. You can check if your personal details are amongst LeakedSource's records by heading over to the site and searching for your own name. Users will be able to request that their details are removed from the list using its automatic deletion tool as well.

It appears that Valve's questionable security procedures are to blame, since the firm used MD5 hashing and a salt. In layman's terms, it's a quick and simple method of hiding data, but not one that should be used to store people's private information. As this StackExchange thread from 2014 explains, a sufficiently-motivated hacker with decent hardware would be able to crack "the hashes of all possible 8-character passwords for a given salt in mere hours." That's why around 80 percent of the forum's database was converted to plain text so easily.

We've reached out to Valve for any comment on the situation, but don't expect to hear back from the notoriously-private company. In the meantime, it's best to make sure that none of your passwords are shared with any other sites or services and keep your eye on Have I Been Pwned.