The official Dota 2 forum has been hacked, exposing the email and passwords of some 1,923,972 users. The attack took place on 10 July 2016, leaving users’ personal information vulnerable for over a month.
Online database Leaked Source was the first to break the new after discovering the information online. According to the site, Valve had stored the information using MD5 hashing and a salt. Unfortunately, MD5 is rather easy to decrypt; with most security experts considering it inadequate for storing passwords.
Owing to this weakness, Leaked Source was able to decrypt about 80-percent of the hashed information it was presented with. That information is currently available on the website for users to check if their personal information has been compromised.
Visitors to the Dota 2 forum should change their passwords; and for any account that shares a password with the forum. Naturally, it is bad practice to have accounts sharing a password, but it is understandable that this happens.
[Source: Leaked Source]