Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions Of Steam Game Keys Stolen After Hacker Breaches Gaming Site (zdnet.com)

Posted by msmash on from the security-woes dept.

An anonymous reader writes:A little over nine million keys used to redeem and activate games on the Steam platform were stolen by a hacker who breached a gaming news site last month. The site, DLH.net, provides news, reviews, cheat codes, and forums, was breached on July 31 by an unnamed hacker, whose name isn't known but was also responsible for the Dota 2 forum breach. The site also allows users to share redeemable game keys through its forums, which along with the main site has around 3.3 million unique registered users, according to breach notification site LeakedSource.com, which obtained a copy of the database. A known vulnerability found in older vBulletin forum software, which powers the site's community, allowed the hacker to access the databases. The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data. Facebook access tokens were stolen for those who signed in with their social account.

2 of 68 comments (clear)

  1. Sigh. Another Vulnerable PHP Service by dgatwood · · Score: 4, Informative

    I've pretty much concluded that all the PHP-based bulletin boards are a security nightmare. Even the ones that are small enough to audit tend to be filled with old-style mysql_query calls and other horrors of the past.

    The best thing about PHP 7, in my view, is that they're finally killing the old MySQL API. They should have done that years ago. Now, you'll be able to tell which software is reasonably up-to-date based on whether it supports PHP 7 or not. Incidentally, vBulletin's website says that it still doesn't. That's probably not a good sign. :-)

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  2. Re:Sharing keys? So many questions by pushing-robot · · Score: 3, Informative

    People sometimes get free or discounted keys and want to sell or trade them for games they actually want.

    No one said there were millions of *unredeemed* keys stolen, just millions of keys. It's likely 99% of people who got keys through DLH used them immediately and the codes are meaningless now.

    --
    How can I believe you when you tell me what I don't want to hear?