An cardinal oversight on a third party fulfillment agency website hosting activation keys for Codemasters’ DiRT 3 game has resulted in the leak of some 3 million keys that allow the game to be played for free on the Steam game platform.
It was first thought that the keys were hosted on the AMD site and servers, since the activation keys in question were associated with free Dirt 3 vouchers that are shipped with a number of AMD products such as graphic cards.
But, as it turns out, the compromised site – located on AMD4u.com – has nothing to do with AMD’s website or servers.
If comments on Steam’s forums can be used as an indication of how the leak was made possible, it all happened because the site did not contain the .htaccess file – a configuration file that makes it possible to restrict access to the specific directories on a server.
According to Eurogamer, AMD has confirmed the leak and has promised that it would continue to honor all valid game vouchers with a slight delay.
On the other hand, as leaks go, this one is pretty harmless for users, as no personal information was compromised. AMD and its third party fulfillment agency website have learned a good lesson rather cheaply, as the compromised keys can be easily blocked through Steam.