Users of the Dota 2 forums might want to change their passwords as it was reportedly hacked on July 10 with the hackers taking usernames, emails and passwords.
LeakedSource.com was the first to receive a copy of the leaked database of Dota 2 forum users. The breach notification website claimed that the database contains more than 1.9 million records of the users who are on the Dota 2 forums by Valve.
Each of the records contain the IP address, username, password, user identifier and email address of the user itself. With just a little more effort, the hackers can quickly check if the passwords also match other accounts especially banking credentials or those from social media sites.
The hacker or hackers were able to get the massive Dota 2 forums user database by exploiting an SQUL injection vulnerability from the vBulletin software used by the site itself, ZDNet has learned. While the passwords were hashed when they were taken, most of them are easily decrypted using readily available cracking tools online.
One representative from the LeakdSource website told ZDNet that 80 percent of the hashed passwords were already unscrambled to plain text. Hackers can then use the passwords to check for other available accounts with the same email address and usernames.
Emails have already been sent to those who have accounts on Dota 2 forums. Users are advised to change not only their Dota 2 forums passwords but also for their other accounts as well if they use the same one over and over again, PC World reported.
If a Dota 2 forum user was using the same password for his or her social media accounts, the hacker can try to use them to gain access to their accounts. They can also try to login mobile banking accounts to siphon off money.
With so many accounts free to register and activate, users tend to use just one password across all of them. This makes it easier for them to remember the password but it is also riskier.
Dota 2 forum users should change their passwords now including their other accounts. Hackers may try to access them anytime.