Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions Of Steam Game Keys Stolen After Hacker Breaches Gaming Site (zdnet.com)

Posted by msmash on from the security-woes dept.

An anonymous reader writes:A little over nine million keys used to redeem and activate games on the Steam platform were stolen by a hacker who breached a gaming news site last month. The site, DLH.net, provides news, reviews, cheat codes, and forums, was breached on July 31 by an unnamed hacker, whose name isn't known but was also responsible for the Dota 2 forum breach. The site also allows users to share redeemable game keys through its forums, which along with the main site has around 3.3 million unique registered users, according to breach notification site LeakedSource.com, which obtained a copy of the database. A known vulnerability found in older vBulletin forum software, which powers the site's community, allowed the hacker to access the databases. The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data. Facebook access tokens were stolen for those who signed in with their social account.

5 of 68 comments (clear)

  1. Steam down ATM by bignetbuy · · Score: 3, Interesting

    Related or no? I'm unable to access any Steam functions other than games at the moment. No discussions. No store. No community page. Can access other sites fine though.

    1. Re:Steam down ATM by Anonymous Coward · · Score: 0, Interesting

      The US government need everybody to remain interested in Microsoft "for games" which is actually the bait.

      Everyone is starting to get the picture now, in no small way. The NSA dipshits who think their lives rely on their ability to be ninjas online go ahead and backstab the USA population for what they perceive to be their personal gains.

      Reality? All spies just kill yourselves you have nothing to gain or lose. Real Farts Matter.

  2. Re:bolted by Anonymous Coward · · Score: 2, Interesting

    To clarify they for you, in this case it is DLH.net that was hacked via a PHP bulletin board issue, not Steam. To the best of my knowledge, DLH did not put out a browser. Steam on the other hand, appears to use a fork of Chromium/WebKit for their browser, so they didn't really develop one, either, they just took an existing one and bolted it in.

    For what it's worth, Steam doesn't trust browsers very much, either. The only way you can redeem a game code is through their client. Probably to prevent a hacker from devising an automated attack against it.

  3. Re:Bound to happen by Nemyst · · Score: 4, Interesting

    Redeemable keys used for sharing have not been redeemed and can therefore be used by anybody without any action of whoever actually purchased/obtained the key.

  4. Re:What exactly does that mean? by ADRA · · Score: 3, Interesting

    Oauth tokens. Potentially giving access to all shared data given to the site from fb (emails, maybe given name, contacts?). Of course this is a non-issue if FB invalidates the application token granted to the specified web site.

    --
    Bye!