AMD Site Leaked Millions of DiRT 3 Steam Keys
A missing .htaccess file granted clever surfers access to 1.7 million game keys for DiRT3 on Steam.
Oh snap. Someone will likely receive a scolding finger from AMD and Codemasters by leaving around 1.7 million reserved DiRT 3 keys wide open for savvy web surfers to find. Originally located here, the keys were listed in eight text files and reserved for gamers who purchased specific AMD graphics cards. But as of this report, the text files are gone and AMD has temporarily taken down the DiRT 3 promotional website until further notice.
At first, the blunder seemed to be totally on AMD's behalf: the promotional site lacked an .htaccess file which would have restricted access to specific areas on the server, including the directory where the keys resided. But once nosy visitors discovered that the directory doors were left unlocked, the keys were naturally scooped up distributed across the Internet.
"Never put .sql database with game keys on webserver where simple missing .htaccess can leak it," said one developer from Bohemia Interactive on Steam's forums.
Yet despite leak, the catch was that the DiRT 3 keys were only usable on Valve's Stream platform. That said, Codemasters will likely send over the entire list to Valve so that the numbers can be blacklisted and the games quietly removed from user accounts. It's assumed that DiRT 3 keys already associated with registered AMD graphics cards via the promotion will not be affected.
After the initial news of the leak began to spread, Codemasters announced that it was investigating the situation and trying to "block" the codes. The publisher also conveyed its hopes that Valve would deactivate the stolen codes. "Despite what some sites are posting, it was not a Codemasters site or server on which the Dirt 3 codes in question were comprised, it was AMD's redemption site," the company explained.
AMD eventually came clean and said that the codes were hosted on a "third-party fulfillment website," and that neither AMD nor Codemasters servers were compromised in the incident. "AMD will continue to honor all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed," the company stated.