AMD Site Leaked Millions of DiRT 3 Steam Keys

By Kevin Parrish
published

A missing .htaccess file granted clever surfers access to 1.7 million game keys for DiRT3 on Steam.

Oh snap. Someone will likely receive a scolding finger from AMD and Codemasters for leaving around 1.7 million reserved DiRT 3 keys wide open for savvy web surfers to find. Originally located here, the keys were listed in eight text files and reserved for gamers who purchased specific AMD graphics cards. But as of this report, the text files are gone and AMD has temporarily taken down the DiRT 3 promotional website until further notice.

At first, the blunder seemed to be totally on AMD's behalf: the promotional site lacked an .htaccess file which would have restricted access to specific areas on the server, including the directory where the keys resided. But once nosy visitors discovered that the directory doors were left unlocked, the keys were naturally scooped up and distributed across the Internet.

"Never put .sql database with game keys on webserver where simple missing .htaccess can leak it," said one developer from Bohemia Interactive on Steam's forums.

Yet despite leak, the catch was that the DiRT 3 keys were only usable on Valve's Stream platform. That said, Codemasters will likely send over the entire list to Valve so that the numbers can be blacklisted and the games quietly removed from user accounts. It's assumed that DiRT 3 keys already associated with registered AMD graphics cards via the promotion will not be affected.

After the initial news of the leak began to spread, Codemasters announced that it was investigating the situation and trying to "block" the codes. The publisher also conveyed its hopes that Valve would deactivate the stolen codes. "Despite what some sites are posting, it was not a Codemasters site or server on which the Dirt 3 codes in question were comprised, it was AMD's redemption site," the company explained.

AMD eventually came clean and said that the codes were hosted on a "third-party fulfillment website," and that neither AMD nor Codemasters servers were compromised in the incident. "AMD will continue to honor all valid game vouchers, however the current situation may result in a short delay before the vouchers can be redeemed," the company stated.

Kevin Parrish
25 Comments Comment from the forums
  • SinisterSalad
    I never did activate mine, yet. :/
    Reply
  • iam2thecrowe
    "Yet despite leak, the catch was that the DiRT 3 keys were only usable on Valve's Stream platform" so you wont be able to use it right away anywaay. First you will have to reinstall steam 3 or 4 times, wait a few days for a server to become available, reinstall the game twice, update the game to even play it, decrypt some files then a few weeks later reinstall steam again when it stops working.
    Reply
  • AbdullahG
    I activated mine when I got my Radeon HD card...never played it though.
    Reply
  • 11796pcs
    Man, that's brutal- good luck AMD getting Codematers to partner with them for DiRT 4. I loved DiRT 2 but haven't been interested in DiRT 3 enough to pick it up. Plus it includes a Gymkhana mode that everyone seems to hate. Knowing Steam and Valve- the codes will definitely be deactivated (Steam strives for customer satisfaction).
    Reply
  • Anomalyx
    iam2thecrowe"Yet despite leak, the catch was that the DiRT 3 keys were only usable on Valve's Stream platform" so you wont be able to use it right away anywaay. First you will have to reinstall steam 3 or 4 times, wait a few days for a server to become available, reinstall the game twice, update the game to even play it, decrypt some files then a few weeks later reinstall steam again when it stops working.
    Oh yeah, I've heard of that happening... I believe it's called an ID-10-T error.
    Reply
  • kilo_17
    ^Lol man that was good!
    Reply
  • webbwbb
    This is something that, if it were not illegal, could make for a pretty fun project. I have wondered about the possibility to use a large sample of software keys to detect patterns in them and reverse engineer the key assignment program. This is certainly a large enough sample to make that possible. Now, I am aware that pirates do make keygens for games but, from my understanding, they either do it by analyzing memory addresses during key entry, or they simply make a program that has several keys in a list and it randomly spits one out. It coul be rather problematic for Code Masters if someone was able to make a real keygen from this.
    Reply
  • CosmicTwister
    Nothing like an open door policy. Happy they found someone to correct the id-10-t Code in their config.sys file
    Reply
  • cookoy
    more likely someone will be receiving a kick in the butt than just a scolding finger
    Reply
  • lp231
    Got Dirt 2 for free, played a few times then stopped after I reinstalled my OS. Not going to bother downloading it again, just to drive around in some off road track.
    Reply