In estimate, 9 million Steam activation keys got stolen as an unnamed hacker breached a gaming news site last July 31.
The website in particular is DLH.net, provider of news, game cheat codes, game reviews, and forums. The hacker responsible also recently hacked the Dota 2 forum.
According to ZDnet.com, the gaming website allows users to pass around redeemable game activation keys via its forums, which is supposedly 'secure', to 3.3. million registered individual user accounts. The information is taken from LeakedSource.com, which obtained a copy of the database.
Vulnerability
ZDnet.com reported that the weak-spot, an older vBulletin forum software, allowed access for the hacker.
Details of stolen data included Identitication data such as full names, usernames, encrypted passwords, email adresses, birthdays, activation dates, display images. Steam account names, and Steam activity were also stolen. Also for those who signed in with their Facebook account had their access tokens stolen.
Sub-standard Security
Information taken from LeakedSource.com stated that around 84% of the passwords have been decoded via cracking tools conveniently lying around in the hacking community. Using MD5 algorithm has already been considered to be non-secure in par with today's standards. Although some data were said to be stored with SHA-1, this one has stronger security, still a lot or 9.1 million steam keys were contained in the database.
What games were affected?
ZDNet.com reports that some of the stolen keys matched with popular games such as Final Fantasy IX, Pirates of Black cove, Knight Shift, among others. It is uncertain that the codes directly came from Steam. The game platform states on their support page that their games and other products sold by another retailer come with Steam key(s).
No official press release yet from Chase Faucheux, DLH.net's chief editor, and from Steam.
What now?
If you have a Steam account and have games on your database, you might want to check your inventory and see if everything is fine.