Nearly two million accounts, alongside their hashed and salted passwords used on the Dota 2 forums, have allegedly been stolen. Note, these are not Steam accounts, they’re forum accounts used on the popular dev.dota2.com community site.
The news comes via the LeakedSource website, which allows users to search through leaked records and see if their accounts have been compromised. The site collects and collates databases and user registries that are being traded online.
According to it, 1,923,972 records were taken from the Dota 2 forum, each containing email addresses, IPs, usernames, and passwords. Despite being hashed and salted, the passwords seemed to have been weakly encrypted and LeakedSource, via ZDNet, claims to have easily decrypted about 80 percent of passwords.
Now, there’s no reason to panic unless you usually recycle your accounts and have used the same account on multiple sites. As mentioned above these are not Steam accounts that have been compromised. Instead the attackers seem to have broken into the database by using a known SQL injection vulnerability.
Valve has declined to comment so far, but as usual, we urge you to change passwords, and generally rely on two-factor authentication whenever available.
Source: LeakedSource