UPDATE: AMD has issued a statement confirming activation keys have been compromised, and added that there might be a delay in redeeming valid vouchers while it looks into the situation.
"This past weekend, activation keys associated with free Dirt 3 game vouchers shipping with select AMD products were compromised," it read.
"These activation keys were hosted on a third party fulfillment agency website, www.AMD4u.com, and did not reside on AMD's website. Neither the AMD nor Codemasters servers were involved.
"We are working closely with Steam, Codemasters, and our fulfillment agency to address the situation. AMD will continue to honor all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed."
ORIGINAL STORY: Hackers have stolen access to three million digital copies of Dirt 3.
The huge list of Steam download codes was taken from AMD's redemption site, AMD4u, which was compromised.
The keys were stockpiled for use in a promotion with AMD graphics cards, reported Kotaku.
According to posts on Steam's forums, the codes were discovered in a .sql database and accessed with a simple .htaccess exploit.
Steam codes can be traced by developers, meaning Steam is able to block hacker's access to the game. Codemasters told Eurogamer it hopes Steam will deactivate the codes. A statement from AMD is expected shortly.
In June Codemasters admitted its website had been violated by hackers, with encrypted passwords, email addresses and user names stolen.