More than half a million users had their accounts breached on the most popular Counter-Strike: Global Offensive community last year.
In total, 611,000 HLTV users had their info leaked onto the internet, according to Have I Been Pwned, an open resource site that lists large data breaches. The site also archives breached databases, meaning users can search and see whether they’ve been affected.
The HLTV breach was discovered on June 19 by the site’s staff, and prompted a response from the site’s founder and lead programmer, Per Lambæk.
“The attack got in via a compromised admin account, and an exploit in some old legacy code on the site,” Lambæk wrote. “This led to remote access to our main webserver, from where access to the database was possible.”
Despite the fact that the entire user database had been breached, all of the accounts were encrypted with bcrypt, an advanced password hashing algorithm aimed at severely complicating malicious mass password decryption.
HLTV isn’t the only major CS:GO community to have its user data hacked recently. On Jan. 9, news broke that the user database of third-party matchmaking service ESEA, which contained 1.5 million accounts, had been breached and subsequently shared on the internet. The hack was pulled off through an exploit discovered by an ESEA user who threatened to share the user info if he wasn’t financially compensated. The company chose to not engage with the person in question, and alerted the FBI once it became apparent that private information had been leaked.