Feeds

AMD Steam-game offer suspended after keys pilfered

DiRTy snatch leaves gamers worried

SANS - Survey on application security programs

Data security problems have led to the suspension of a free-videogame-with-every-Radeon-graphics-card offer from AMD and Codemasters.

Three million activation codes that allowed gamers to play a free copy of DiRT 3 on Steam have leaked. AMD's redemption site, AMD4u, was left vulnerable to a .htaccess exploit. This website security flaw allowed the activation codes for the rally driving game to be extracted from a database on the site.

In a statement, AMD said that valid game vouchers would still be honoured while admitting this process is likely to be delayed, Eurogamer reports.

"Activation keys associated with free DiRT 3 game vouchers shipping with select AMD products were compromised," the statement explained. "These activation keys were hosted on a third party fulfillment agency website, www.AMD4u.com, and did not reside on AMD's website. Neither the AMD nor Codemasters servers were involved.

"We are working closely with Steam, Codemasters, and our fulfillment agency to address the situation. AMD will continue to honour all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed."

Steam is likely to block the codes leading to fears that anyone who innocently uses the codes as part of the promo will end up with a blocked account as a result. Chris Boyd (AKA Paperghost), a keen gamer who works as a security researcher for GFI Software, said Steam is trying to prevent such collateral damage.

"The biggest concern on the mind of a gamer would be if their PC gaming accounts – such as those utilising the Steam platform, which may be tied to hundreds of pounds worth of gaming titles – could be suspended due to using one of the stolen keys to activate DiRT 3 on their account," Boyd told El Reg. "The official Steam Support Twitter account has addressed this issue, so hopefully that will set their minds at ease for the time being."

The DiRT 3 incident caps a miserable summer for information security at games developer Codemasters. In an apparently unrelated recent incident, Codemasters was forced to pull its website offline and get users to change their passwords following a hack attack back in June. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.