Hackers have breached the Dota 2 Dev forum and stolen approximately two million users' personal information, including their login credentials.
An administrator for the forum, which serves as a discussion place for enthusiasts of the free-to-play online multiplayer game Dota 2, announced the breach on 9 August in a blog post:
"We have recently been made aware that a vulnerability in the Dota 2 Dev forum software allowed access to the forum database. The vulnerability has been patched. The database contains email addresses, forum user names, salted forum password hashes, and forum posts."
The breach affected all 1,923,972 members of the forum.
To protect users' passwords, Valve Corporation, the operator of the hacked forum, chose to implement MD5, a hashing algorithm which attackers have broken in other attack campaigns.
This particular breach is no different. After gaining access to the database, individuals at LeakedSource broke approximately 80 percent of the salted and hashed passwords.
They also analysed the database and determined that over half of users registered with a Gmail email account, whereas tens of thousands of others joined up using a disposable email address.
The administrator does not mention in his post how the hackers gained access to the database.
In response to the incident, Dota 2 Dev reset all passwords, meaning users will need to change their passwords if they wish to access their forum profiles and/or submit a new post.
The compromised database relates only to the Dota 2 Dev forums at dev.dota2.com. There is no evidence to suggest hackers made off with Steam credentials, payment information, or any other private information related to users' Steam accounts.