A hacker who breached a gaming news site last month gained access to millions of Steam Game Keys and forum accounts.
More than 3.3 million unique forum and site accounts as well as more than 9 million Steam Game Keys were stolen by a hacker who breached a gaming news site last month. The Steam Game Keys are used to redeem and activate keys on Steam.
The name of the hacker who breached DLH.net on July 31 is unknown, but he is believed to be the same hacker who was responsible for the Dota 2 Forum breach. The damage is quite severe, as DLH.net allows users to share redeemable Steam game keys in addition to providing reviews, news, and cheat codes. The site had more than 3.3 million unique registered accounts. The breach was made possible due to an existing vulnerability in the vBulleting forum software that powers the site’s community.
The severity of this attack can be seen by the data that is stolen, which includes email addresses, full names, usernames, date of joining, date of birth, as well as Facebook access tokens for those who used the social networking site to sign in. LeakedSource, which obtained a copy of the database at DLH.net, revealed that more than 84% of the passwords scrambled with MD5 algorithm have already been decrypted.
The database contained more than 9 million Steam keys. The database at LeakedSource now contains the breached site and its forum data, allowing users to search their data. Only a portion of the data has been shared by LeakedSource, but it reveals that numerous 15-digit alphanumeric keys have already been redeemed, rendering the keys useless for the rightful owner.
The exact number of keys that are still valid is unknown. Many of the keys matched popular games like Final Fantasy IX, KnightShift, and Pirates of Black Cove. At this point, there is no confirmation that the codes even came directly from Steam. A support page there claims that many games and products that use it come with a Steam key, regardless of whether they are sold by another retailer.
Speaking of an official statement, there was none when ZDNet approached DLH.net’s chief editor before posting the news. However, a spokesperson from the company denied outright that they had ever been hacked when the news was posted by ZDNet.
He even disputed the number of members the site has, saying that the site’s server logs do not show any sort of unusual activity in the past four weeks that would suggest a breach had taken place. Steam platform’s owner and operator Valve failed to make a comment on the situation either.