The breach of Dota 2 forum, which saw 2 million user accounts leaked? Barry Scott, CTO, Centrify Corporation at Leader in Identity Management commented below.
Barry Scott, CTO, Centrify Corporation at Leader in Identity Management:
“The Dota 2 breach was apparently done using an attack that has been known about for a long time called SQL Injection. It’s disappointing we still see such hacks and it’s really important that web developers close wide open doors like this that are letting hackers in. As users, in spite of all the advice we’re given, we are often STILL guilty of using the same password for different web accounts, so Dota 2 forum users who have ANY other accounts that use the same password (Gmail, Bank, Facebook) must change them quickly because they are now at risk. As well as not re-using passwords, users should switch on “multi-factor authentication” if offered by their apps, which will protect them if the password is stolen by requiring another piece of information before allowing a successful login, often by entering a code via their mobile phone. Let’s be honest – hackers don’t want to find the password of your Dota 2 forum account so they can post something as if they were you – there’s usually more behind these hacks.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.