
DLH.net hacked, over 9 million Steam digital keys stolen



DLH.net is the most famous site for gamers, publishing news, game reviews, cheats and everything else related to games. Users of the site can also share Steam digital keys.

An unknown attacker managed to find a vulnerability in the site's CMS and carry out a successful attack. About 9.1 million activation keys were stolen in the breach, and the cybercriminal also obtained information from millions of DLH.net user accounts.

Staff of the site LeakedSource, who received a copy of the stolen database, say that it contains names, logins, passwords in encrypted form, e-mail addresses, dates of birth, avatars, Steam logins and data on user activity in the site's forums. 84% of the stolen passwords were obtained as MD5 hashes, and some as SHA-1. A number of the digital keys have already been revoked by Steam, but many remain valid.

Interestingly, the hack occurred on July 31, but the problem has only now become known. Information security experts believe that the attacker gained access to the sensitive information by exploiting a vulnerability in an outdated version of the vBulletin forum engine.

DLH.net staff denied that a hack took place, arguing that a review of the logs shows no suspicious activity over the past four weeks. However, both the main DLH.net site and its forums are on the LeakedSource list as compromised.

Experts who have studied the details of the breach believe that the same attacker is also responsible for hacking the famous Dota 2 forum. The cybercriminal managed to steal data from more than 2 million user accounts of this forum. That attack also exploited a vulnerability in vBulletin, one that made an SQL injection attack possible.

This hack became known a month after the attack. It was confirmed by experts from the same LeakedSource resource. On that site, by the way, you can check whether your account has been compromised. In this case, however, the hacker managed to get only users' logins, e-mail addresses and IP addresses. Password hashes (MD5 algorithm) were also obtained. According to information security experts, 80% of these passwords can be cracked without any problems because of their simplicity. Worst of all, half of the users are identified on the resource by their Gmail account data.

No.  Mail service   Number of accounts
1    @gmail.com     1,086,139
2    @hotmail.com   173,184
3    @yahoo.com     44,706
4    @mail.ru       26,862
5    @outlook.com   24,335

Source: https://habr.com/ru/post/396845/

