×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AMD Accidentally Leaks 1.7 Million DiRT 3 Keys

Soulskill posted more than 2 years ago | from the oops-times-one-point-seven-million dept.

AMD 187

An anonymous reader writes "The free game with every graphics card deal has finally backfired for AMD and Codemasters. Due to a lack of .htaccess, 1.7 million keys for a free copy of DiRT 3 on Steam have been leaked. No word from AMD or Codemasters yet, but I'm sure Valve will block all the codes on Steam soon. One question that remains: if you used one of the codes, will Steam ban your account? There could be a few very unhappy gamers later today if that happens." The exact number of keys is in question — reports range from 250,000 to 3 million — but AMD confirmed that a leak did occur.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

187 comments

I need to take a leak... (0)

ArsenneLupin (766289) | more than 2 years ago | (#37324338)

Wow, that feels good!

Re:I need to take a leak... (0)

AMoth (1151295) | more than 2 years ago | (#37324380)

*Ouch*

Re:I need to take a leak... (1)

Z00L00K (682162) | more than 2 years ago | (#37324808)

See it this way - the solution is to release a new version with additional features and take the losses for the version with lost keys. And stop further updates to the version with lost keys.

What about legit keys? (2)

djsmiley (752149) | more than 2 years ago | (#37324352)

What about people with legal keys..... I hope I don't miss out on using this.

I'll likely give the key away as I'm a Linux user and don't care about the Dirt game either, but it'll be a shame if everyone misses out now because of this?

Re:What about legit keys? (1)

delinear (991444) | more than 2 years ago | (#37324582)

I thought the same thing - I can't imagine Valve would ban users if there is any risk of banning legitimate users, that would be opening them up to a huge backlash from users. More likely they'll just void the keys and Codemasters/AMD will have to set up a different scheme to compensate the legitimate purchasers.

Re:What about legit keys? (0)

Anonymous Coward | more than 2 years ago | (#37324664)

What's the point of a key?
It's a value you put in memory so the CPU can compare it to another value it generated from a list of commands (machine code) they already gave you.
Why not simply generate it yourself (using that list) or remove the comparison commands from the list?

In other words: Any form of "copy protection" is seriously delusional. No exceptions.

If you want to pay software developers (like me) for their service, then pay them for their service. :)
The code that is created and is passed on to other people, has been, is, and always will be completely free.

Re:What about legit keys? (1)

TubeSteak (669689) | more than 2 years ago | (#37326130)

What about people with legal keys..... I hope I don't miss out on using this.

With 1.7 million keys, I'm guessing some semi-intelligent hacker can reverse engineer Dirt 3's key generator.
Soon there will be legal keys for everyone.

Steam policy on account bans (4, Informative)

headLITE (171240) | more than 2 years ago | (#37324360)

https://support.steampowered.com/kb_article.php?ref=5406-WFZC-5519


There is a Zero-Tolerance policy for any violations of the Steam Subscriber Agreement and Online Code of Conduct. All accounts in a user's possession for any of the following activities will be suspended:
Piracy or Hacking

This includes using an unauthorized ("hacked") Steam client to access Steam, attempting to register fake CD Keys or attempting to register a CD Key which has been published on the internet.

Re:Steam policy on account bans (2)

Stellian (673475) | more than 2 years ago | (#37324428)

...attempting to register a CD Key which has been published on the internet.

The question is, did the leaked keyset also contained legitimate keys that were distributed with games ? Maybe a mix of:
- keys yet unused
- keys printed on CDs not yet sold
- keys that already in the hands of customers

If that's the case, not only Valve can't penalize those accounts - they need to actually support online game play as advertised, at the very least for keys in the last category, if they can sort them out.

I don't care if it's free, and I don't care if the publisher leaked my key: the bundling of a free game skewed my buying decision and I have the right to play it.

Re:Steam policy on account bans (0)

Anonymous Coward | more than 2 years ago | (#37324458)

You open a support ticket, show proof of purchase and a picture of the media/CD key or whatever they require, and they reallocate the proper CD key back to your account. No biggie.

Re:Steam policy on account bans (1)

wmbetts (1306001) | more than 2 years ago | (#37324474)

That won't stop people from crying, because they had to take 5 minutes out of their day to scan something. They'll also bitch about not having a scanner, digital camera, cell phone with a camera, or knowing anyone with any of those things to prove it.

Re:Steam policy on account bans (3, Insightful)

Anonymous Coward | more than 2 years ago | (#37324548)

Why should people have to pay for others mistakes? Why should people have to take those "5 minutes out of their day to scan something", in order to correct a situation they weren't involved with? It's insane to think the customers have to "foot the bill", so to speak, to clean up after AMD's fuck up.

Re:Steam policy on account bans (2)

Joce640k (829181) | more than 2 years ago | (#37325446)

Why should people have to take those "5 minutes out of their day to scan something"

Because they're adults?

Re:Steam policy on account bans (-1)

Anonymous Coward | more than 2 years ago | (#37325588)

Why should people have to pay for others mistakes? Why should people have to take those "5 minutes out of their day to scan something", in order to correct a situation they weren't involved with? It's insane to think the customers have to "foot the bill", so to speak, to clean up after AMD's fuck up.

Because life isn't fair you ignorant cunt.

Re:Steam policy on account bans (0)

Anonymous Coward | more than 2 years ago | (#37324554)

You assume everybody has said "proof" available. Many people discard invoices, get stuff as gifts or have another completely valid reason not to have a "proof of purchase".

I do hope they ban lots of people, though. At least that way more people realise it's not a good idea to put all your eggs in one basket ... a basket that's stored in somebody else's cellar and to which you have only very limited visitation rights that can be revoked at any time.

Re:Steam policy on account bans (1)

delinear (991444) | more than 2 years ago | (#37324614)

Invoices etc. are only the easy way to provide proof of purchase, they're not the only ways. If you paid by card you can maybe show them your bank/credit card statement. If all else fails maybe you send them a photo of you at home holding the product or they telephone you and ask some details from the disk/card (okay this could be faked if you know someone else with the product, but it's still going to limit abuse to the friends of legitimate users).

Re:Steam policy on account bans (1)

Shoe Puppet (1557239) | more than 2 years ago | (#37324802)

Imagine I paid in cash and threw away the disc as I want to be bothered by as little physical stuff as possible.

Re:Steam policy on account bans (1)

tomknight (190939) | more than 2 years ago | (#37324836)

Best throw away your PC too then.

Re:Steam policy on account bans (1)

Shoe Puppet (1557239) | more than 2 years ago | (#37324846)

That's bullshit. Without the PC, I can't use the PC. Without the media, I can still use the game.

Re:Steam policy on account bans (1)

Kreigaffe (765218) | more than 2 years ago | (#37325316)

They'll have you actually read a number off the video card you purchased.

It's much more simple than you seem to think it is -- there's little chance someone's going to throw out their brand new video card.

Re:Steam policy on account bans (0)

X0563511 (793323) | more than 2 years ago | (#37325296)

Then you reap what you sow.

Sorry, but you should have known better. Perhaps you do, now.

Re:Steam policy on account bans (2)

delinear (991444) | more than 2 years ago | (#37325492)

Exactly, in that case you've trusted yourself entirely to a technology that's proven to fall down at the human level in the past. What's that saying about a fool and his money? I mean, for that matter, what would have happened if the disk was destroyed in a fire in his home before he'd had chance to register it to his account? The insurance probably wouldn't cover it without some proof that the purchase actually took place. It's not fair that customers have to take such steps when the technology should be there to protect them, but that doesn't mean it's not prudent to do so.

Re:Steam policy on account bans (1)

Anonymous Coward | more than 2 years ago | (#37324564)

They'll also bitch about not having a scanner, digital camera, cell phone with a camera, or knowing anyone with any of those things to prove it.

Why not. None of those things are necessary to buy and play the game.
If AMD / Codemasters can't keep things tight it should be their problem. If they want to change the deal for one of the users it should be on that users terms, not on conditions forced on him.

Re:Steam policy on account bans (1)

delinear (991444) | more than 2 years ago | (#37324598)

Sure they will complain that it's effort on their part when it wasn't their fault, that's what people do, but they're far less likely to dump Steam as their distribution system which is ultimately what Valve care about. Compared to banning someone's account outright it's the obvious solution (well, unless AMD/Codemasters are prepared to foot the bill and right off the losses - can't see that happening any time soon).

Re:Steam policy on account bans (3, Insightful)

DrXym (126579) | more than 2 years ago | (#37325356)

You open a support ticket, show proof of purchase and a picture of the media/CD key or whatever they require, and they reallocate the proper CD key back to your account. No biggie.

No biggie? Legit customers would be treated by default as pirates unless they supplied proof of purchase, and until they did that could risk everything from their account being locked to being perma banned.

A correct and more sensible option would be for AMD to supply Steam with a list of email addresses of users who registered. Probably 90% of those are using the same email address on Steam and can be eliminated. Then you audit the hardware of the remainder through Steam (and it's already capable of this) and see who is running AMD hardware that the promotion applied to eliminate them too. Then you look for the date that the exploit got into the wild (probably obvious from a graph of # registrations per day) and you eliminate all of them before that date. Finally you're probably looking at a small % of legit owners to track down. You might then mailshot every game owner and tell them the game will be disabled in 10 days unless they run it on the proper hardware and then you eliminate people who do that. Finally you mailshot again and warn them to contact customer service with proof of purchase within 30 days or risk a perma ban.

Is it a major screwup by AMD? Yes. But Valve and AMD should make all reasonable efforts to not inconvenience legit users. Only as a last resort should a ban or account freeze should be necessary.

Re:Steam policy on account bans (2, Insightful)

Anonymous Coward | more than 2 years ago | (#37324492)

The leak was full of legitimate keys, and also included the IDs that were sold with the hardware.

The text files were simple rows of Dirt 3 Keys, Hardware IDs, and database identifiers.
If you wanted, it was simple enough to copy a hardware ID instead of a Dirt 3 key, paste that ID into the amd4u promotion, and receive the appropriate Dirt 3 key in your inbox from AMD themselves.

If someone did that, there'd be absolutely no way of distinguishing them from a legitimate customer that owned the product, since the hardware ID acted as the proof of purchase. Of course most people didn't register and just copied the Dirt 3 keys directly, so it's possible for AMD and Valve to see what Dirt 3 keys were activated on Steam without their corresponding hardware IDs being registered on amd4u.com. That's probably revoke about 90% of the illegitimate licences.

The promotion had been running for awhile, so if they just ban all of the keys then some innocent accounts will be hit in the crossfire. At the moment it seems like they are just revoking the licences instead of banning accounts (at least for the users who profess to being tricked into entering the key without knowing where it came from).

Also, the exact number of keys was 2 million, eight text files with 250,000 keys per file.

Re:Steam policy on account bans (2)

mr_lizard13 (882373) | more than 2 years ago | (#37324560)

Indeed you are right sir. The game was included in the purchase price, regardless of it being marketed as 'free'.

'Zero tolerance policy' - i find this funny ... (1)

unity100 (970058) | more than 2 years ago | (#37324650)

when companies' clueless legal departments produce bullshit like this, it is a hilarious read. like, how there was endless crap surrounding assassin's creed 2 regarding its drm, and the tough talk and bullshit from ubisoft. what happened in the end ?

you cant force or coerce 'the people'. they are many. they eventually do what they see fit. it is much better for a company to tell their legal department - which are proven to be totally clueless about how things work on the internet btw - to shut the fuck up, and handle their consumer relations more carefully. (not leave it to marketing dept. goons either - they screw it up so grandly in another way).

Re:'Zero tolerance policy' - i find this funny ... (3, Interesting)

Co0Ps (1539395) | more than 2 years ago | (#37324844)

I got PERMANENTLY banned from the steam forums for simply stating that piracy exists and people pirate games. Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.

Re:'Zero tolerance policy' - i find this funny ... (3, Informative)

GameboyRMH (1153867) | more than 2 years ago | (#37325476)

Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.

I think this also explains how people who are normally anti-DRM see Steam as acceptable.

Re:Steam policy on account bans (1)

Xest (935314) | more than 2 years ago | (#37324776)

What exactly happens when Steam bans your account? Do you lose access to every game you've ever paid for? Do they refund you?

I'd be amazed if it's legal for them to block access to content you've legitimately paid for. Has this been tested thus far?

Re:Steam policy on account bans (0)

Anonymous Coward | more than 2 years ago | (#37324812)

You're fucked.
Yes.
No.
Many, many times, but Valve fanboys will rip you to shreds and eat your entrails if you attempt to talk about publicly.

Re:Steam policy on account bans (3, Informative)

Xest (935314) | more than 2 years ago | (#37324866)

Hmm, definetely not buying anything from Steam ever again. I've never done anything illegal with it nor do I intend to but the idea that they can arbitrarily steal back from you what you have purchased from them is sickening.

Re:Steam policy on account bans (1)

jtownatpunk.net (245670) | more than 2 years ago | (#37325610)

Years ago, I bought a Counterstrike Anthology because my new roommate was addicted and wanted me to play. I bought the physical media and was forced to install the Valve client to activate it. I played maybe 20 hours then forgot about it. Tried to play again a year or two later and my account was locked. Jumped thru the hoops like a good dog (write this code next to the activation code for your game and take a picture of it) and they reactivated my account but never explained why it was shut off in the firs place. Again, a few hours of play then I got bored with it. Another year or so later, they gave away a free copy of Portal. Fired up the Steam client and my account was locked AGAIN. So I jumped through the hoops again and got my account reactivated with no explanation.

That's twice I've been locked out of my content with no warning or explanation and that was an account I was forced to create in order to play a game I bought on physical media in a Brick-n-Mortar store. I'm definitely not a fan of the way Valve/Steam treats its customers.

OTOH, it's the Wave of the Future(tm)(r)(c). This is the way content will be delivered and this process is still in its Wild West phase. The sad reality is that things won't settle down until enough precedent-setting cases have made their way through the court system. The sellers of content think that they can sell you a revokable license and cut off your access to the content at any time for any reason they want. You know it's bullshit and I know it's bullshit but, until it's declared to be bullshit by SCotUS, we're at their mercy.

The shitty part is that there are almost no games being published today that aren't subject to some sort of remote kill switch. Even if you're holding a DVD-ROM in your hand, you'll need to be connected to the internet to get your installation blessed (authorized) during the installation at the very least. Likely every time you launch the game as well. Sometimes constant authentication is required. Even for single-player games. But at least "they" can only revoke access to a single key at a time if you go that route.

Re:Steam policy on account bans (1)

heypete (60671) | more than 2 years ago | (#37324928)

My understanding (based off of a friend who had an account banned because he was using various cheats in online multiplayer games on Steam) of the situation is that you can still play games in your account. However, you cannot play on any "Valve Anti-Cheat"-enabled multiplayer server (which is nearly all of them).

I'm not sure if the penalties are different for attempting to pirate things with Steam.

Re:Steam policy on account bans (1)

RogueyWon (735973) | more than 2 years ago | (#37324970)

There are levels of ban. The one you've just described is the "lightest" - basically, you lose the ability to play certain steam games (primarily Valve produced ones) online. This tends to be a response to in-game abuses, such as cheating or general bad behaviour. In other words, stuff that is rude and unpleasant but not, in most jurisdictions, illegal. As a former hardcore online gamer, I am enthusiastically supportive of this bit of the policy.

The use of stolen or leaked keys, or attempts at using a steam account for social engineering type scams will result in a more extreme form of ban - the account is locked and games associated with it (and which require steam to run - actually, a lot of those games on your steam list, particularly the older ones, can be copied out of your steam cache folder and run normally) cannot be run. As this is only used in cases associated with conduct that is against the law in most jurisdictions, this policy has not, as yet, been successfully challenged. If there's a threat to it, it will come from a case involving somebody whose account was compromised (via malware, social engineering or a third party security failure) and then used for these more serious breaches, resulting in the original owner of the account recovering it, and then finding out he has lost all of his games for good.

This will become more pertinent if breaches such as the earlier Codemasters one (which saw Xbox/GfW Live account information leaked) leads to a rise in compromised accounts where the user in question hasn't done anything particularly stupid (beyond creating an account with the "wrong" company).

Re:Steam policy on account bans (1)

Anonymous Coward | more than 2 years ago | (#37326114)

This will become more pertinent if breaches such as the earlier Codemasters one (which saw Xbox/GfW Live account information leaked) leads to a rise in compromised accounts where the user in question hasn't done anything particularly stupid (beyond creating an account with the "wrong" company).

Unfortunately they've all created an account with the wrong company: Valve. Allowing Steam to be judge, jury and executioner with the power to deny you access to your own property is madness.

Re:Steam policy on account bans (1)

rwa2 (4391) | more than 2 years ago | (#37325118)

Meh, doesn't sound like anything of value was lost. I've played Grid and maybe the demo of one of the earlier Dirts, but they're pretty much arcade racers that get boring and monotonous fast. Go play Gran Turismo something, or better yet Live4Speed [lfs.net], those seem to be the only racing games that feel anything remotely similar to driving real cars (at least if you have a wheel & pedals).

I'm still waiting for some sort of retribution from Steam for cashing in on a stash of high-level loot some random Level 69 pub hack dropped off on us in Borderlands. I grabbed three things out of the pile for the heck of it, and even though I couldn't use them, I sold them for the "Slumskag Millionaire" achievement, and now have more money than the counter can register. Doesn't really matter in the game though, money isn't exactly a limiting factor (loot drops are much better than anything you can buy), and I still run around gathering all the dollar bills for the heck of it. But if I get banned, so much the better, I spend waayy too much time playing games anyway :-P

Re:Steam policy on account bans (3, Insightful)

TheRaven64 (641858) | more than 2 years ago | (#37325042)

I'd be amazed if it's legal for them to block access to content you've legitimately paid for.

It's perfectly legal. You are not buying anything from Steam. You do not own anything that you pay for on Steam. You are paying for a revokable license, at the sole discretion of Valve. If you confuse this with an actual purchase, then that's your problem.

Re:Steam policy on account bans (0)

Anonymous Coward | more than 2 years ago | (#37325182)

Consumer Rights Act begs to differ pal.

If it appears to be an actual purchase, and behaves like all other actual purchases, then it is an actual purchase - regardless how Valve would prefer it to be treated.

If I didn't purchase the game from Steam or Valve, then they have no say over whether I can play it or not. If they revoke my access to a game that I purchased (went in to shop, picked up physical copy and paid for it) then they can refund me the amount I paid to the publisher - since its their agreement with the publisher that is causing my access to be revoked.

Re:Steam policy on account bans (1)

TheRaven64 (641858) | more than 2 years ago | (#37325248)

If it appears to be an actual purchase, and behaves like all other actual purchases, then it is an actual purchase - regardless how Valve would prefer it to be treated.

That big license agreement that you agree to before signing up for Steam and before every Steam purchase would disagree. Any games 'purchased' over Steam come with text that you agree to before the purchase stating that it is not a purchase. If you don't read this... caveat emptor.

If I didn't purchase the game from Steam or Valve, then they have no say over whether I can play it or not.

That's a more tricky situation, however the text is presented when you first install the game makes it clear that you have not, in fact, purchased the game, and instructs you to return it to the shop if you are not happy with this. The shop is required to give you a full refund.

This case is pretty simple with regard to Valve. The only agreement that they have with regard to the game is the one that you agreed to when you installed it. They can withdraw this service at any time. You are then left with the shiny disk that you purchased. You can return this to the shop as not suitable for the purpose for which sold if Valve withdraws the service from you, but your (legal) disagreement is with the shop that sold it to you, not with Valve.

Re:Steam policy on account bans (1)

Xest (935314) | more than 2 years ago | (#37325810)

"That big license agreement that you agree to before signing up for Steam and before every Steam purchase would disagree."

That fact EULAs can't trump statutory rights, such as the afformentioned Consumer Protection Act would beg to differ.

Your argument is basically that Valve can come and murder you, as long as they put that you grant them this right in their EULA. Well, no, actually, they can't. The user not reading it would not act as a defence.

"The only agreement that they have with regard to the game is the one that you agreed to when you installed it"

Well, and, you know, that matter of the law that governs both you, the end user, and them, as a company. Let's not forget that elephant in the room shall we?

Re:Steam policy on account bans (1)

impaledsunset (1337701) | more than 2 years ago | (#37325230)

Using the words of their lawyers (e.g. the EULAs) is a great way to describe services of that sort to discredit them, but actually buying their words means that they have won. If I had my account blocked, I'd still sue them, until a judge says so - legal my ass.

Re:Steam policy on account bans (4, Informative)

AmiMoJo (196126) | more than 2 years ago | (#37325408)

That's what the EULA says, but consumer protection laws override that. In the UK the Sale of Goods Act requires that goods sold be "as described" and "fit for purpose", i.e. if it says free Dirt 3 game on the box you must get a free working copy of Dirt 3 or your money back.

Contracts can never override your statutory rights, even if you had read and signed it before purchase.

Re:Steam policy on account bans (1)

TheRaven64 (641858) | more than 2 years ago | (#37325698)

The Sale of Goods Act applies to sales of goods, not rental of services. Before you buy anything from Steam, it makes it clear in the terms and conditions that you are not actually buying anything. With regards to sale of a boxed game, the Act only applies between the seller and the purchaser. Valve is not one of these entities. They can revoke your copy of the game, and the Sale of Goods Act means that you can sue the shop that sold you the box if they refuse to give you a full refund. You will, however, need to have kept the receipt for the game to be able to prove that you purchased it from them...

Re:Steam policy on account bans (1)

Xest (935314) | more than 2 years ago | (#37325728)

So how does this work where I bought a game such as Dawn of War II as an actual boxed copy but was forced to activate via Steam?

I do not see how it's my problem to believe that this was an actual purchase. Nor do I think for a second that the courts would disagree in fact.

I suspect that you are wrong, that in at least some cases such as this it is Valve's problem, they're just playing fast and loose with the law whilst they can get away with it.

Re:Steam policy on account bans (1)

Hadlock (143607) | more than 2 years ago | (#37325414)

They can VAC ban you, which means you can't play certain games on registered servers (i.e. most of them). VAC bans can be for single games, or account wide. You can still open the game and play them in single player/lan mode. That's the least intrusive way. The most intrusive way is locking your account, which is on par with taking away all your toys and stuffing them down the garbage disposal, because you can't even log in to play your single player games or view your steam friends list. Though you can sometimes negotiate with customer service to conditionally unlock your account.

Re:Steam policy on account bans (1)

Trigger31415 (1912176) | more than 2 years ago | (#37325288)

It's true they have 'zero tolerance' for this, but they were forced to retract from another zero-tolerance policy in the past, when their VAC system banned by error 12,000 players of CoD.
Moreover, another thing needs to be taken in account : with their system of trade of virtual items from Team Fortress 2, a lot of keys were traded. Some people unaware of the leak bought the keys, or received them as gift from 'friends'.
So, if they ban everyone who entered one of the leaked key, they'll ban inncocent, naïve people.

Re:Steam policy on account bans (1)

ZorinLynx (31751) | more than 2 years ago | (#37325936)

There's no way to determine the source of a key someone entered.

What if a friend found the keys on the net, and decided to pretend they're gifting the person a copy of Dirt 3? Boom, suspended account, all because someone thought they were receiving a gift.

It's a dumb idea to suspend one's entire account for entering a "stolen" key when the key can simply be revoked and the user told that it was stolen. It's the virtual equivalent of throwing someone in jail because a friend bought a stolen laptop at a flea market and gave it to them as a gift.

Just confiscate the laptop, say "sorry for the inconvenience, blame your friend" and MOVE ON.

Uuuuh (0)

Anonymous Coward | more than 2 years ago | (#37324364)

No word from AMD [...] yet
(later)
AMD confirmed that a leak did occur

Re:Uuuuh (1)

game kid (805301) | more than 2 years ago | (#37324434)

AMD is a very open company. It's just that its AMD division can be quite secretive sometimes.

Re:Uuuuh (1)

c0lo (1497653) | more than 2 years ago | (#37324572)

AMD is a very open company

Given the 1.7 mils of key that leaked, I tend to agree with you. Except that "AMD is a very cracked company" describes better the situation.

Not exactly "AMD leaks"... (1)

Ecuador (740021) | more than 2 years ago | (#37324366)

The keys were on a site kept by a 3rd party fulfillment partner that had really bad security (or really great lack of it if you prefer)...

Re:Not exactly "AMD leaks"... (1)

mitashki (1116893) | more than 2 years ago | (#37324376)

Or perhaps they have left out .htaccess on purpose? ;)

Re:Not exactly "AMD leaks"... (1)

ZeroExistenZ (721849) | more than 2 years ago | (#37324442)

Or perhaps they have left out .htaccess on purpose? ;)

"Officer, he left his cardoors open on purpose. I entered just to take his laptop because he was offering it to me."

Re:Not exactly "AMD leaks"... (0)

Anonymous Coward | more than 2 years ago | (#37324516)

The difference is that a web server is a publication method. It's designed to offer you things to download.
It's reasonable to assume that anything you can reach on a web server is something the owner is OK with you having.

There's no reason to put something in a web server's public_html directory that you don't want people to download...

Re:Not exactly "AMD leaks"... (0)

Anonymous Coward | more than 2 years ago | (#37324578)

It is a publication method, provided you have published the url. If there was never a public link to the specific directory, it was not publication.

Re:Not exactly "AMD leaks"... (0)

Anonymous Coward | more than 2 years ago | (#37324942)

And cars are designed to let people get in and drive them. It even protects them in the event of an accident, even if they're not the owner.

Re:Not exactly "AMD leaks"... (0)

Anonymous Coward | more than 2 years ago | (#37324606)

That's a bad analogy, as it is a web server's explicit purpose to make unprotected documents available to the public.

Big Deal, the keys were easy to get anyway. (0)

Anonymous Coward | more than 2 years ago | (#37324374)

Just order a card of Amazon and return it when you receive it. You should have the game key which is sent out promptly after the purchase.

My car got stolen (1)

atari2600a (1892574) | more than 2 years ago | (#37324378)

turns out I left the keys in the ignition, the door wide open with a bright giant neon sign on the windshield that said FREE CAR, & the title was in the glove box already signed off for sale at $0 (just in case).

Re:My car got stolen (0)

Anonymous Coward | more than 2 years ago | (#37325222)

Actually, it's more like that just happened at the local car rental place, and thousands of cars were driven off. What's worse, those cars were already reserved by their legitimate customers. The customers looking for their cars are rather annoyed.

JA RLY (-1)

Anonymous Coward | more than 2 years ago | (#37324388)

KEYCODE 4EL0P-DGWAV-KC5B9 UNIQUE 7689-4ZGQ-4113-25CJ CODE SEQ 1750001 ..
KEYCODE AHDR3-TJ86I-F8AHB UNIQUE 6680-4WOW-7345-02CF CODE SEQ 2000000

.htaccess exploit? (0)

Anonymous Coward | more than 2 years ago | (#37324402)

"The codes were discovered in a .sql database and accessed with a simple .htaccess exploit. "

How does failure to type
touch .htaccess

filling it's contents with
DENY FROM ALL
become an exploit? Please explain or please be fired for incompetence.

Re:.htaccess exploit? (0)

Anonymous Coward | more than 2 years ago | (#37324744)

Indeed, the lack of any .htaccess protection on the files is not an exploit, any more than walking through an unlocked door is "exploiting" lock technology.

Wow (1)

atomicbutterfly (1979388) | more than 2 years ago | (#37324438)

We've got some real morons working in the security area of the gaming industry.

Re:Wow (1)

Krneki (1192201) | more than 2 years ago | (#37324690)

It always amaze me how people know the problem without even looking into the details.

Security costs money and if no one is willing to pay for it, who will deploy it?

Re:Wow (1)

delinear (991444) | more than 2 years ago | (#37324752)

Given the industry's reputation for overworking and underpaying, I can't say I'm that surprised. The real problem is they all seem to get away with it, on the whole customers don't care unless it has a direct negative impact on them, and even then if it's too much effort to go elsewhere they don't seem to care. It seems to be the herd mentality at work, there are so many users/purchasers that everyone thinks it won't be them that gets hurt... right up until it is.

Keep internal files outside DocumentRoot (0)

Anonymous Coward | more than 2 years ago | (#37324446)

It's not that hard to do it right. Proper file permissions would've worked too, as would prefixing the names with ".ht" or even denying the location in a reverse proxy. TRWTF is suggesting .htaccess as the solution, it's bad practise and should be avoided. Don't rely on having Apache httpd and don't rely on it to accept your .htaccess, I never configure Apache to do that. Configuration goes in /etc, served-up content goes in /var/www/whatever.

Also, advertising companies often employ a "PHP guy" who will fire up Adobe Dreamweaver to write a "quick script" for you. To give you an idea of how terrible this is, more often then not they see "chmod 777" as a solution for permission denied errors. It's shit like that which causes dead simple hacks like the one in the linked article.

You should be allowed to use these keys (0)

Anonymous Coward | more than 2 years ago | (#37324452)

There should be a law that ensures that when a person or company leaves something open for being accessed by anyone, then anyone has the right to use it.

And before you ask, yes, when someone does not lock the door of his house or car, anyone should be allowed to enter besaid house or car and replicate anything inside with his personal replicator. Oh wait, there is no personal replicator? I guess then the analogy is flawed....

Re:You should be allowed to use these keys (1)

GigaplexNZ (1233886) | more than 2 years ago | (#37324670)

Oh wait, there is no personal replicator? I guess then the analogy is flawed....

I'm pretty sure the keys are single use, so the "it's not stealing because it's only a copy" style argument doesn't work in this case.

Great! (-1)

Anonymous Coward | more than 2 years ago | (#37324454)

It's really a nice post, thank you for sharing...

I also recommend this cheap Swarovski crystal jewelry [aimengcrystal.com] and 925 sterling silver jewelry [aimengcrystal.com] online store for you!

  if you used one of the codes, will Steam ban your account? There could be a few very unhappy gamers later today if that happens.

Finally backfired? (1)

PhunkySchtuff (208108) | more than 2 years ago | (#37324470)

Why has this "finally backfired" - in what way was this an accident waiting to happen? What was it about the promo that leads the submitter to believe it was set up to fail from the start?

Re:Finally backfired? (1)

hairyfeet (841228) | more than 2 years ago | (#37324830)

Well for one thing Codemasters has already been hacked recently. I got one of those "Hi, we've been pwned! Please change any passwords that you used and we hope you didn't use them anywhere else! kthnksbai" from Codemasters. So their record on security wasn't great to start with.

Second of all and slightly OT, but why Dirt? Ever since the Intel bribery scandal I've been buying nothing but AMD yet that promo was a giant turn OFF for me, can't think of any of my customers that would give a crap either. All the racing guys I've known played NASCAR or GT on consoles, is PC racing even the tiniest bit popular? They couldn't give us a shooter or RTS?

So while i'm sorry you got bit in the ass AMD i'm just glad none of my customers are having to deal with this mess, because the ones that qualified don't care about Dirt. hell if you want to show off your GPU make a deal with the guys that make Just Cause II. Watching those oil towers blow up in glorious DirectX 10 mode was well worth my card upgrade. Anytime I want to sell a customer on a GPU upgrade all I have to do is fire that game up and start blowing shit up. All those fireballs and ragdolls filling the screen and they always go "oooohhhhh...that's so damned cool!".

Re:Finally backfired? (1)

goose-incarnated (1145029) | more than 2 years ago | (#37325688)

Wait, what? You're comparing the least-skilled racing (nascar) with the most skilled racing (rally)? Whats wrong with this picture?

Statement from Codemasters (0)

Anonymous Coward | more than 2 years ago | (#37324484)

Via Kotaku [kotaku.com]:

"You may have heard this weekend, activation keys for free Dirt 3 game vouchers shipping with a few AMD products were compromised. The keys were hosted on a third-party fulfillment agency website, AMD4u.com, and were not on AMD's website. Neither AMD nor Codemasters servers were involved.

We're working closely with everyone to address the situation. AMD will honor all valid game vouchers, but just a heads up, the current situation may result in a short delay before the vouchers can be redeemed."

Doubt any ban will occur (0)

Anonymous Coward | more than 2 years ago | (#37324502)

With that huge of a leak, they will probably invalidate the keys and remove the game from the list of people who used the leaked keys.

mod 30wn (-1)

Anonymous Coward | more than 2 years ago | (#37324556)

Love of two is? FreeBSD's

Bans unlikely (0)

Anonymous Coward | more than 2 years ago | (#37324558)

Steam account bans are unlikely to happen, although Valve can ban you if they so choose. I registered a Metro 2033 cd key a few months ago when Nvidia had a similar promotion and goofed up in a similar way. The game simply disappeared from my Steam library the next day.

It is very worrisome that they have the power to revoke access to all the games you legally acquired, but they have not yet exercised this power in these circumstances.

Is it really a 'leak' ? (1)

unity100 (970058) | more than 2 years ago | (#37324630)

after apple losing their prototype a SECOND time, in the exact SAME fashion they did last time, and sending goons to look for it in exact SAME fashion, i dont trust any such stuff. - wait, apple goons told that they were from SF police dept this time - thats something new.

cant this be something to make people download dirt, get them hooked ?

Can't be the first time (1)

jeti (105266) | more than 2 years ago | (#37324632)

When I bought my Radeon HD 5770 something like a year ago, it contained a Steam code for Dirt 2. When I tried to register it, the code had already been used.

Re:Can't be the first time (1)

Ogive17 (691899) | more than 2 years ago | (#37325104)

When Steam was first in its' infancy, I received a code for a free version of Half-Life 2 due to purchasing a specific vcard. The game was not yet released at the time and Steam never gave me a copy of the game when it did release.

Re:Can't be the first time (0)

Anonymous Coward | more than 2 years ago | (#37325264)

That was probably just unscrupulous shop staff opening the box. Not like anyone's going to be able to prove it when they can shrink-wrap it up again.

This isn't the first time, is it? (1)

DarkXale (1771414) | more than 2 years ago | (#37324746)

I seem to remember a very similar type of incident a year or two ago - although for what game I can't remember. It did involve Steam though, again.

WTF? (5, Insightful)

Megane (129182) | more than 2 years ago | (#37324782)

The reason access to all these keys has been granted is due to a lack of .htaccess on AMD’s site.

What's all this stupid talk about .htacess anyway? Those are the kind of files that should not be below a web server's DocumentRoot in the first place. The reason access to all these keys has been grated is because some moron put them in a live area of the web server where they didn't belong.

It's a shame... (1)

peterb (13831) | more than 2 years ago | (#37325290)

It's a shame that they didn't leak the keys for a game that someone actually wants to play.

KEygen in 3....2....1 (1)

Lumpy (12016) | more than 2 years ago | (#37325372)

That many keys will guarantee a keygen is butt easy to make.

Re:KEygen in 3....2....1 (0)

Anonymous Coward | more than 2 years ago | (#37326020)

That many keys will guarantee a keygen is butt easy to make.

Really? How's that work, when the keys all have to be validated against Valve's servers before use?

Ban? (1)

gmerideth (107286) | more than 2 years ago | (#37325418)

In the case that x million keys were used, would Steam really ban x million of its own clients and lose all of that ongoing revenue just for AMD?

Lost steam.. will carpool (0)

Anonymous Coward | more than 2 years ago | (#37325450)

Bad puns aside.. I have a personal beef with Steam so I am biased, but to me the policy and company approach seems arrogant. Words like 'zero tolerance' and 'user's possession' are quite naturally what people got used to over the past with years, what with the war on terror, war on drugs, war on poverty and now ( announced by the unions of all places btw) war on jobs and war on rebublicans. Not that it makes it any more palatable.

More to the point, I dislike bundling, I especially dislike Steam who has already shown they are willing to penalize the customer if it does not fit into their grand scheme of controlling all known universe. Had I my code invalidated by this I would be whining to their support reps right now.

  As it is now, I am whining, but about their BS deus ex 'bundling' with Gamestop.

But.. in the end, I am stopping to care about this. I have decided after the deus experience that I am done with games. Done with their lawyers, CEOs, EULAs and publicly traded companies that all treat me like a farm animal. I am also doing my best to convince my friends to drop Steam aka The Good DRM.

Short version. Meh you Steam.

ps. I know the story is more about amd than steam, but amd rarely disappointed me thus far. steam has

Re:Lost steam.. will carpool (1)

VGPowerlord (621254) | more than 2 years ago | (#37326078)

As it is now, I am whining, but about their BS deus ex 'bundling' with Gamestop.

The GameStop Deus Ex fiasco involved Square-Enix and OnLive. Valve/Steam had nothing to do with it.

Also, in case you missed it, GameStop owns one of Steam's competitors, Impulse [impulsedriven.com], which was why this whole fiasco between them and OnLive happened in the first place.

Better Question (0)

Anonymous Coward | more than 2 years ago | (#37325498)

Who plays DiRT?

Oops (-1)

Anonymous Coward | more than 2 years ago | (#37325568)

I accidentally all the keys.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...