back to article Dota 2 forums fall under hackers' spell, 1.9m accounts teleported out

The chat forums for Valve’s multiplayer fantasy battle game thing Dota 2 have been hacked, it appears. The security breach – which apparently happened on 10 July but has only just come to light via Leaked Source – exposed more than 1.9 million account records containing email addresses, IP addresses, usernames and passwords. …

  1. Anonymous Coward
    Anonymous Coward

    trollin what a long strange trip

    DOTA 2 looked cool so I tried it and after ten minutes decided MOBA is the lamest sub genre of that lamest of all genres real time strategy. Good thing it sucked or I might have used their forums at some point.

  2. Destroy All Monsters Silver badge
    Holmes

    STOP THIS FORTHWITH! MD5 isn't "cracked"

    MD5 is not worse than anything else for hashing passwords, as long as you add a large salt to prevent rainbow table attacks:

    Two real reasons for not using MD5 for hashing the salted passwords is: 1) it's too fast 2) public relations as said here: Why do people still use/recommend MD5 if it is cracked since 1996?

    Your correct statement about MD5 being too fast and unsalted aside (because that also goes for the SHA family) I would still stay away from MD5 for a non-technical reason: Public Relations. It's a drag to have to convince your boss or client of what you explain. And tons of technical guys (whose opinions are valued by the same people you are trying to convince) are also deluded. After all, there is plenty of 'proof' on the internet that support their conviction that MD5 should not be used because it was broken in 2004.

    For the details, see also this excellent answer:

    How to securely hash passwords?

    Yep, read it!

    1. asdf

      Re: STOP THIS FORTHWITH! MD5 isn't "cracked"

      For those who thought TL;DR conclusion nice summed up

      Use bcrypt. PBKDF2 is not bad either. If you use scrypt you will be a "slightly early adopter" (not really true today as this was written like five years ago, would personally recommend scrypt).

    2. NomNomNom

      Re: STOP THIS FORTHWITH! MD5 isn't "cracked"

      Md5 shouldn't be used as a password because it's too short

      1. Destroy All Monsters Silver badge
        Facepalm

        Re: STOP THIS FORTHWITH! MD5 isn't "cracked"

        > Md5 shouldn't be used as a password because it's too short

        Just what

        For some people even tl;dr is too long.

        This civilization is doomed. And good riddance.

  3. Pascal Monett Silver badge

    Valve forums use MD5 hashing and got cracked ?

    I like Valve. I've always felt that Half-Life (the original) was the best computer AI ever developed. I love Steam. I feel it's the best software-vending platform in existence.

    And now this. I am disappointed, Valve. Clean up your procedures, NOW. You're better than that.

  4. Anonymous Coward
    Anonymous Coward

    Hmmm....

    “Businesses need to understand that hackers are utilising ever-more sophisticated tools and techniques, and basic encryption barely represents a challenge. Instead, they must adopt technology that provides robust encryption, scrambling individual packets of data at source, and incorporating granular access controls and policy management.”

    Pretty incoherent. What does "scrambling individual packets of data at source" and "basic encryption barely represents a challenge" even mean?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like