Three Million DiRT 3 Game Vouchers Stolen by Hackers

September 7, 2011 -

Codemasters and AMD have confirmed that over three million digital vouchers for Steam have been stolen for DiRT 3. According to a report from Industry Gamers (citing a Steam forum post), hackers used an .htaccess exploit that allowed them to gain access to an .sql database containing the codes. Those codes were meant to be used for a future AMD graphics card promotion.

"This past weekend, activation keys associated with free DiRT 3 game vouchers shipping with select AMD products were compromised," said AMD in a statement. "These activation keys were hosted on a third party fulfillment agency website, www.AMD4u.com, and did not reside on AMD's website. Neither the AMD nor Codemasters servers were involved."

"We are working closely with Steam, Codemasters, and our fulfillment agency to address the situation. AMD will continue to honor all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed."

The good news is that the huge batch of codes that were stolen can be traced, and Codemasters claims that they should be able to deactivate the codes in due time.

Source: Eurogamer by way of Industry Gamers


Comments

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

Stolen? That's bit of a stretch given how the keys were made available for the whole world to see.

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

I disagree (though it's quite possible I've misunderstood exactly what happened here).  If someone takes my stuff without my permission, my stuff has been stolen.  It doesn't matter if I've left my front door wide open with my stuff neatly piled in the doorway.

That does make me stupid but it doesn't make my stuff any less stolen.

 

Andrew Eisen

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

Taking your stuff against your will is stealing, but you're using that logic on something that doesn't apply. Stealing leaves the victim without what is theirs. Has anyone lost anything? No, they still have the codes, but the hackers (sic) have them too, which they can invalidate. So they might be able to acquire copies of Dirt3 without participating in the promotion, but Codemasters will not have fewer copies of the game as a result. That is, if they are digital downloads and not printed discs shipped in boxes. It might be applicable to accuse them of fraud if they attempt to redeem those vouchers, but stealing isn't. What they did would be more akin to eavesdropping, espionage,  or wiretapping.

Your definition of stealing is flawed, especially in the eyes of the law. That said, what happened was a deplorable act that resulted in an interruption of service for actual customers of AMD and Codemasters. It was rather pointless act as well since it's easier to acquire the DRM-free version from bittorrent. Given all that, it's a seriously dick move and they should stand to answer for the damage they did.

-Greevar

"Paste superficially profound, but utterly meaningless quotation here."

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

Replace "stole" with "misappropriate" if it makes you happy.

 

Andrew Eisen

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

It's more like an infringement of privacy, similar to trespassing.

-Greevar

"Paste superficially profound, but utterly meaningless quotation here."

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

Whatever, buddy.  I know you understand the specifics of what happened so I really don't care what you call it.

 

Andrew Eisen

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

I believe this situation is more akin to leaving all of your stuff in the middle of a busy intersection and then claiming that it was stolen when you come back 3 days later to find it all missing.

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

Not unless those keys were posted in plain text on the front page of AMD4u's website or something similar.  Hell, even my "open front door" analogy isn't applicable.

 

Andrew Eisen

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

They were stored in plain text. All you basically had to do was add /keys to the end of the URL.

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

"Not unless those keys were posted in plain text on the front page of AMD4u's website or something similar."

 

Andrew Eisen

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

I think it would be more apt to say you left your door unlocked. From an external perspective it would seem that your stuff was secure, but when more closely inspected the flaw is revealed.

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

That seem a fairer analogy. But then, on the internet, you'd have to account for thousands of people that keep trying the lock every day... You can argue it's good or bad, but it most definitely is common enough to take into account.

Re: Three Million DiRT 3 Game Vouchers Stolen by Hackers

.htaccess exploit? I'd hardly call it an exploit. Hell, I wouldn't even call it a hack. The directories (plural. There was more than one: an SQL directory showing some keys in 3 sql files, and a keys directory showing ALL keys in plain text files) were WIDE OPEN (and continued to be such for hours after it was made public). A hack? More like a complete lack of security.

----
Papa Midnight

 
Forgot your password?
Username :
Password :

Poll

Will the FCC preempt state laws that limit municipal broadband services?:

Shout box

You're not permitted to post shouts.
ZippyDSMleeWouldn't they be able to afford and get done in a timely manner a general gba emluator for the 3DS? It seems to me if they want to make money off sales they need to do it.07/31/2014 - 7:25am
Sora-ChanAmbassador program, that's what I was looking for. Anyway the other games that have been made no longer exclusive to the early adopters got updates in their software. It'll only be a matter of time more than likely for the GBA to get the same treatment.07/31/2014 - 5:35am
Sora-ChanI might be naming it incorrectly when I say "founder" i mean the program for earlier adopters.07/31/2014 - 5:34am
Sora-Chanthe 3DS's GBA emulator was a rush job due to the founder program. No other GBA titles have been released on the 3DS yet. If/When they do get around to it, they'll more than likely update the emulation software.07/31/2014 - 5:32am
Zenemulator...it's not just a slap job that makes "some" work..they do it for each which is why they work so well. I would rather have the quality over just a slap job.07/30/2014 - 5:48pm
ZenMatthew there is a difference between "worked" and "accurate". You play the Nintendo VC titles they play as damn close to the original as possible. The PSP would just run them as best they could, issues and all. And Masked...EACH VC title has their own07/30/2014 - 5:48pm
MaskedPixelanteOnce again, the 3DS already HAS a GBA emulator, it just can't run at the same time as the 3DS OS.07/30/2014 - 4:54pm
Matthew Wilsonyou cant street pass in ds mode ether, and if moders can make a gba emulator that runs very well on the psp as I understand it. you are telling me that Nintendo devs are not as good as moders?07/30/2014 - 4:49pm
Zenperformance. Halo 1 and 2 worked great because they actually did custom work on each of them...just like Nintendo does now lol07/30/2014 - 4:08pm
Zenexisting hardware while the GBA has to be emulated completely. Same reason the 360 couldn't run most Original Xbox games correctly, or had issues because they just did "blanket approach" for their emulation which led to game killing bugs or horrible07/30/2014 - 4:07pm
ZenSora/Matthew: It's not just Miiverse, but the whole idea of streetpass and things like that would be affected if the OS is not running. And just because a 3DS game can be downloaded and run does not mean that GBA can as easily. Those 3DS games use the07/30/2014 - 4:06pm
E. Zachary KnightSleaker, How is that different from every other credit card company targeting high school and college students?07/30/2014 - 1:40pm
Sleaker@EZK - I think some people are concerned beacuse it's a predatory technique targetted toward younger people that don't understand on top of offering the worst interest rates of any retailer around.07/30/2014 - 11:33am
MaskedPixelantehttp://www.joystiq.com/2014/07/30/europe-gets-long-detained-shin-megami-tensei-4-at-cut-price/ "Sorry you had to wait a year for SMT4, would a price cut make it sting less?"07/30/2014 - 10:29am
NeenekoI would hope not. Though it is not unheard of for store specific cards to be pretty good.07/30/2014 - 8:17am
E. Zachary KnightDoes anyone, or at least any intelligent person, expect a retail branded credit card to be anything close to resembling a "good deal" on interest rates?07/30/2014 - 7:13am
SleakerGamestop articles popping up everywhere about their ludicrous new Credit card offerings at a whopping pre-approval for 26.9% APR07/29/2014 - 10:19pm
Matthew Wilsonhttp://arstechnica.com/tech-policy/2014/07/podcasting-patent-troll-we-tried-to-drop-lawsuit-against-adam-carolla/ the podcasting patent troll scum is trying to turn tail and run.07/29/2014 - 9:50pm
MaskedPixelanteOf course it's improved. At launch, Origin was scanning your entire hard drive, but now it's just scanning your browsing history. If that's not an improvement, I dunno what is!07/29/2014 - 8:59pm
Papa Midnighthttp://www.escapistmagazine.com/articles/view/video-games/columns/experienced-points/12029-Has-EAs-Origin-Service-Improved-Any-Over-the-Last-Two-Years07/29/2014 - 8:25pm
 

Be Heard - Contact Your Politician