AMD accidentally leaks 1.7 million DiRT 3 keys

For a number of years now it has been possible to purchase a new graphics card with the promise of a free promotional game. Inside the box with your new card will be a code that can be entered on a website along with your personal details in return for access to a digital copy of a particular game for free.

AMD offers such a freebie with some of its ATI graphics cards, but due to a lack of security some 1.7 million promotional keys for Codemasters’ DiRT 3 have been accidentally leaked.

The reason access to all these keys has been granted is due to a lack of .htaccess on AMD’s site. .htaccess is a directory level configuration file commonly used for restricting access to particular directories on a server. Without it, anyone can gain access to the directory that holds all the keys as a big list in several text files (see image above).

The keys AMD uses are for Steam, so copy pasting one into the appropriate section of your Steam client should unlock the game if that particular key hasn’t been used before. However, if you do find a link to the keys we suggest you don’t try and use one. AMD will no doubt ask Valve to kill all these codes once it has realized what happened. Valve in turn could decide to ban any account that has used such a key.

This, like many other recent episodes, demonstrates how important it is to get the security right on a website and associated servers. These games were meant to be free, but only after you spent a few hundred dollars on another product. Now there’s 1.7 million copies of the game available for free, but luckily easily blocked through Steam if AMD chooses to go that route.