3 million digital DiRT 3 copies robbed

By Tom Phillips Published 6 September, 2011

UPDATE: AMD confirms keys compromised.

UPDATE: AMD has issued a statement confirming activation keys have been compromised, and added that there might be a delay in redeeming valid vouchers while it looks into the situation.

"This past weekend, activation keys associated with free Dirt 3 game vouchers shipping with select AMD products were compromised," it read.

"These activation keys were hosted on a third party fulfillment agency website, www.AMD4u.com, and did not reside on AMD's website. Neither the AMD nor Codemasters servers were involved.

"We are working closely with Steam, Codemasters, and our fulfillment agency to address the situation. AMD will continue to honor all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed."

ORIGINAL STORY: Hackers have stolen access to three million digital copies of Dirt 3.

The huge list of Steam download codes was taken from AMD's redemption site, AMD4u, which was compromised.

The keys were stockpiled for use in a promotion with AMD graphics cards, reported Kotaku.

According to posts on Steam's forums, the codes were discovered in a .sql database and accessed with a simple .htaccess exploit.

Steam codes can be traced by developers, meaning Steam is able to block hacker's access to the game. Codemasters told Eurogamer it hopes Steam will deactivate the codes. A statement from AMD is expected shortly.

In June Codemasters admitted its website had been violated by hackers, with encrypted passwords, email addresses and user names stolen.

Codemasters' Dirt 3.

Picture of Tom.

About Tom Phillips

Tom joined Eurogamer in 2010 and has quickly made his mark writing news and columns and coming up with puntastic straplines. Questionable beard. @TomPhillips151 on Twitter.

Read more articles from Tom by visiting the Tom Phillips archive page.

You may also like...

Comments (43) Latest comment 9 months ago

Comments for this article are now closed, but please feel free to continue chatting on the forum!

  • geeza2020 #1 9 months ago

    sort it out codemasters

  • shamblemonkee #2 9 months ago

    and it still has registration on its site disabled as a result of those hacksin Junes... come on codies sort it out!

  • silversun #3 9 months ago

    i think valve and steam will crack down hard on anyone that tries use these codes from what other people have been saying.
    I also hate when stuff like this happens, in my view that is 100% criminal act to steal off a database , similar to when sony got hacked on psn network.

  • nemesisND1derboy #4 9 months ago

    Wow. How could they even let something like that happen?

    When you have 3 million copies of a game ready to go, you don't leave it wide open for hacks, especially after the volume and severity of hacks we've seen over the last while. You'd think that after having previously been hacked themselves they would be more vigilant, but obviously not.

    Rookie mistake.

  • asphaltcowboy #5 9 months ago

    Codemasters... apparently not that masterful at code.

  • CaptainQuint #6 9 months ago

    They should make a movie of this and get Phil Collins to play the lead.

    Bandwidth Buster

  • GamesProgrammer Verified Games Team Programmer, Eutechnyx Ltd. #7 9 months ago

    EG can you ask if they will be re-branding to Codevictims?

  • -cerberus- #8 9 months ago

    They truly are code masters.

  • Steroyd #9 9 months ago

    *writes on piece of paper*

    Codes were on .sql database, accessed by using .htaccess exploit.

    Thanks for the tip Eurogamer.

  • HL706 #10 9 months ago

    This is pathetic on the part of Codemasters. After what happened with the Summer hacks, you would think they would encrypt and protect any online information they had.

    The famous Chinese proverb springs to mind; "Fool me once.." etc.
    Edited by HL706 at 06/09/11 @ 13:01

  • kestral #11 9 months ago

    Tough crowd here.

  • cyacomini #12 9 months ago

    There is no such thing as a '.sql' database, its 'SQL' for crying out loud.

  • cowell #13 9 months ago

    Some jokers are selling them on eBay. Now THAT is taking the piss

  • RandomTerrain #14 9 months ago

    Well hopefully there won't be a problem with Steam deactivating the codes. Fingers crossed.

    By the way, it's definitely not robbery. Here's the definition of robbery for you:
    A person is guilty of robbery if he/she: steals and - immediately before or at the time of doing so, and in order to do so - uses force on any person, or puts or seeks to put any person in fear of being then and there subjected to force.

    Edit: Why am I getting negged? :o?
    Edited by RandomTerrain at 06/09/11 @ 15:40

  • pr0ev0lution #15 9 months ago

    "According to posts on Steam's forums, the codes were discovered in a .sql database and accessed with a simple .htaccess exploit."
    yeah the exploit been they didn't include a htaccess file.

    people laughed at sony for there hacks been down to SQL injections.... this leak is even more retarded

  • jetsetwillie #16 9 months ago

    instead of referring to them as hacker (which is kind of a cool term) how about we just call them cunts. cos that is exactly what these people are. cunts

  • rudedudejude #17 9 months ago

    ahahahahahaha!

    That'll serve you right for your cd key drm mushy pea load of wee tea.

  • MDL199 #18 9 months ago

    Oh my Codemasters!

    What would David Darling say about this?!

  • Clive_Dunn #19 9 months ago

    Clearly I'm the only person thinking that generating 3 million keys for Dirt 3 PC was a waste of CPU cycles.

  • abigsmurf #20 9 months ago

    Wow, I've never heard of such a huge compromise of product keys (that wasn't down to an algorithm exploit) before. Massive fail on Codemaster's behalf.

  • andytheadequate #21 9 months ago

    I wouldn't advise the hackers actually play the game. There's only so many times you can hear an annoying commentator go:

    "THAT was TOTALLY AWESOME dooood! You should TOTALLY upload it to YOOOTUBE!" as you complete another shitty drift/ gymkhana event. And because of the online pass, it won't even let me upload it to Youtube anyway, or play online for that matter. Wankers

    Great car physics, but some seriously questionable design.

  • Stoatboy #22 9 months ago

    re: "What would David Darling say about this?!"

    Absolutely brilliant!

  • pr0ev0lution #23 9 months ago

    @jetsetwillie

    tbh nothing got "hacked" in the sense of all the hacks earlier in the summer and eurogamer calling it a hack is grossly exaggerating the issue. this is all AMDs fault for a. storing the the sql database with all the keys in it on the webserver and b. not including at least a htaccess file. you don't even have to do anything fancy to get to the databases (which as of last night were still live) bar adding /sql/ to a web address i won't put here.

  • Haloboy #24 9 months ago

    Yesterday there were numerous forum posts all over the place screaming I GOT ONE!! Thx for the link!! ^_^ Tomorrow it will be numerous forum posts screaming FU!!!11111 VALVEZ LOCKED MY ACCOUNTZ!!! >:(

    As the wonderful tv series Trollied clearly states. Serves you right.

  • green_nifta #25 9 months ago

    I bet it was that Rigluth guy ;)

  • Ryze #26 9 months ago

    @RandomTerrain

    Yep - theft, not robbery.

  • ginge51 #27 9 months ago

    Things like this can bankrupt company's.

  • orangpelupa #28 9 months ago

    [link url=http://amd4u.com/dirt3promo/
    ]http://amd4u.com/dirt3promo/
    [/link]

    Thank you for choosing AMD.
    Dirt3 Promo Site is temporarily shutdown. Sorry for any inconvenience.

    ouch.... :(
    i never know there a AMD promo.. and when this hack news i read making me notice AMD promo.... its closed :(

  • Faramis #29 9 months ago

    It is the fault of businessmen. It is the same as if someone left car showroom doors open at night, and somebody came in and took the cars. First thing police would ask how the stealing happened, and once the manager at the car showroom said someone forgot to lock the door - the police would stop investigating the case, because it was his own fault. So why should it be any different with Codies and AMD, that their mistake should be buried. AMD should pay Codies the full price of those 3 milllion copies, because worker responsible for the unlocked doors would have to pay the price of cars that were stolen too.
    Edited by Faramis at 06/09/11 @ 14:36

  • TheBlackHole #30 9 months ago

    So this was AMD's **** up, not Codies'?

    Couldn't you have just asked them that?

  • BigDaddy82 #31 9 months ago

    This does seem to be AMD's issue rather then Codemasters

  • pr0ev0lution #32 9 months ago

    since they have finally removed the SQL filesthe "hack" was simply going to http://amd4u.com/dirt3promo/sql/ which gave you access to 3 SQL files filled with keys.

  • midnight_walker #33 9 months ago

    More simply, you rob an entity and steal a thing.
    Edited by midnight_walker at 06/09/11 @ 15:58

  • CARL05 #34 9 months ago

    I feel sorry for the poor bastards that buy the keys off ebay without knowing there was a hack exploit and now has possible repercussions for their Steam account.



    /has just bought a key off ebay without knowing there was a hack exploit and now has possible repercussions for his Steam account :'(

  • Faramis #35 9 months ago

    It will be also interesting how will they handle it. Because I bet many people bought the keys somewhere without knowing they are illegal. And if those key get blocked, who will give those buyers their money back? Blocking is not the best way of action in my opinion right now.

  • Porcupine_I #36 9 months ago

    i heard Sony's security guy works for AMD now.

  • omkarv #37 9 months ago

    DIRTy bastards!

  • chrisjm #38 9 months ago

    3 million copies havent been robbed, how many have actually been downloaded and redeemed.

  • cheeky_BILLY #39 9 months ago

    why in gods name would anyone want to steal this game.it's bollocks.

  • alcides #40 9 months ago

    isn't piracy supposed to not need those keys?

  • Lucodeath #41 9 months ago

    Cant beat in your hands media format.

  • 32768Colours #42 9 months ago

    Whoops! :o

    This seems to be the trouble with digital distribution doesn't it? Its not just a few things getting pinched, its bloody millions. I bet somebody's head going to roll for this one.

  • andytheadequate #43 9 months ago

    @Superet- I think a better analogy would be if a retailer left the key to their entire stock in the door. We're talking about millions of copies here, not just a handful of empty boxes displayed in a shop...