Report: 1.7M Steam keys for Dirt 3 compromised

Lists containing at least 1.7 million Steam promotional codes for the off-road racer Dirt 3 were compromised over the weekend.

17

A Codemasters/AMD promotion which awarded new video card purchases with a free code for Dirt 3 was compromised over the weekend. Although this sort of promotion isn't unusual, the promotional codes were apparently stored on an unsecured webserver, meaning that for the past few days, anyone who found the address could view (and pilfer) them.

An initial report on Kotaku estimated that somewhere in the neighborhood of 3 million codes were compromised. The report was later updated based on the findings of a Kotaku comment poster who claims to have seen eight separate lists of the Dirt 3 promotional codes, totaling 1.7 million.

Kotaku also reports that Codemasters is trying to "'block' hackers' access to the game," though (at least on the surface) referring to those who accessed information displayed on a public webserver as "hackers" seems like a bit of a stretch.

AMD Graphics has since issued an official statement about the issue, clarifying that the compromised codes were being hosted on a third-party fulfillment agency website, not by Codemasters or AMD. The statement reads as follows:

This past weekend, activation keys associated with free Dirt 3 game vouchers shipping with select AMD products were compromised. These activation keys were hosted on a third-party fulfillment agency website, www.AMD4u.com, and did not reside on AMD's website. Neither the AMD nor Codemasters servers were involved.

We are working closely with Steam, Codemasters, and our fulfillment agency, to address the situation. AMD will continue to honor all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed.

From The Chatty
  • reply
    September 6, 2011 6:15 PM

    Jeff Mattas posted a new article, Report: 1.7M Steam keys for Dirt 3 compromised.

    Lists containing at least 1.7 million Steam promotional codes for the off-road racer Dirt 3 were compromised over the weekend.

    • reply
      September 6, 2011 6:27 PM

      So if you got one of those codes legitimately via a video card purchase are you screwed as well?

    • reply
      September 6, 2011 6:38 PM

      wouldn't there be a way for steam to discover that the code was phished and account would be locked?

      • reply
        September 6, 2011 7:18 PM

        with enough sockets anything is possible.

      • reply
        September 6, 2011 8:22 PM

        It's not even like that. The video card comes with a code, and you go to their site and enter the code and your email and you get the steam key. That whole list of valid promo codes and associated steam keys was accessible. If Steam and/or AMD gave up some data, they could possibly check redeemed steam codes that were part of the promotion where the promo code was not registered through that site. However, there could be issues there is someone had problems using the site and had to email support to get their steam key.

    • reply
      September 6, 2011 7:45 PM

      First the guys girlfriend cheats on him while playing DIRT 2 and now Codemasters is being gangbanged. This game is a homewrecker.

    • reply
      September 6, 2011 8:30 PM

      fuck. some chinese girl on reddit gameswap traded me dirt 3 for cs. lol. oh well I'm keeping it.

    • reply
      September 6, 2011 11:27 PM

      As long as they kept the list of emails and keys sent then this is easily fixed.

      Get valve to nuke the keys that were not associated to an email on that list.

      • reply
        September 6, 2011 11:48 PM

        Ironically enough, they don't keep track of what key went to which box. So effectively, they have to kill all codes that shipped with cards. Which means that everyone who bought a graphics card with the knowledge of "LOLFREEDIRT3LOL" are now boned. Either Codemasters is going to have you call with a product code/proof of purchase to verify that you actually bought the game or AMD is going to reimburse with something else.

        It doesn't matter which way you spin it. Codes were stolen, now everyone has to pay. It's how "piracy" works.

        • reply
          September 7, 2011 12:04 AM

          So how do they make sure they don't give out the same code twice?

          Though if they were retarded enough to leave all of this exposed it's probably just giving them out in order. Which still means there is a way to tell which ones were given out.

          • reply
            September 7, 2011 2:23 AM

            Each code is generated by a computer. But they don't know which code goes with which product. They don't waste the time to write it down.

            • reply
              September 7, 2011 3:13 AM

              I am beginning to think you do not know what you are talking about.

            • reply
              September 7, 2011 3:58 AM

              They are at a great disadvantage, most people copied the unique ID with the key so if amd were to hand out new keys for amd customers, people can still put their leaked unique ID to get their new key. I think there is nothing for them to do, and no game will be disabled.

            • reply
              September 7, 2011 5:53 AM

              I'm not so sure of this. I recently bought 2 cards, and one of the codes didn't work. I sent an e-mail to support and received this reply:

              There was a typo in the code given to you.

              Your Unique ID is actually: XXXX-XXXX-XXXX-XXXX

              Regards,
              AMD Support


              There's manual entry at some step in the process. A capital "i" and a "1" were mixed up.

            • reply
              September 7, 2011 7:19 AM

              They've already declared the list of keys was from a .txt file.

        • reply
          September 7, 2011 7:23 AM

          Can't they just give more keys to newegg or whatever and have their customer service deal with it?

      • reply
        September 7, 2011 6:06 AM

        Only if your steam email is the same one your registered with the video card company. I sure as fuck don't use the same email address for everything.

        • reply
          September 7, 2011 6:16 AM

          They only need to know which keys were sent out legitimately.

          Hell, they could just nuke all the keys and email the people telling them to re-enter their details on a properly secured page and dish out some new codes.

    • reply
      September 7, 2011 12:11 AM

      1.7 million just seems ridiculously high to me for a PC racing game.

    • reply
      September 7, 2011 6:32 AM

      HIJACK I have some extra Dirt 3 promo codes. SM me your email address. First 1.7 million Shackers get one.

    • reply
      September 7, 2011 6:53 AM

      1.7 million? I had no idea chepitos friends list was so enormous.

    • reply
      September 7, 2011 6:54 AM

      1.7 million? I had no idea chepitos friends list was so enormous.

      • reply
        September 7, 2011 6:56 AM

        Argh iPhone double post

      • reply
        September 7, 2011 7:22 AM

        You got one from him too, eh?

        • reply
          September 7, 2011 11:47 AM

          Yeah the wife and I thought we were special until we found out we were just 2 out of 1.7 million.