AMD, in a promotion with Codemasters, was giving away 1.7 million Steam download codes to consumers who purchased certain AMD video cards, but those codes have now been stolen.
The servers holding the codes were missing an .htaccess file, which are used to restrict access to certain areas on a server.
Read the original post on the leak, via the Steam forums:
unfortunately,
complete AMD promotion key list leaked to internet
i assume that proper course action will be simply blacklist every key
and remove them silently from accounts then tell users to re-register new ones
or ... do nothing
in short never put .sql database with game keys on webserver
where simple missing .htaccess can leak it
AMD's response:
You may have heard this weekend, activation keys for free Dirt 3 game vouchers shipping with a few AMD products were compromised. The keys were hosted on a third-party fulfillment agency website, AMD4u.com, and were not on AMD’s website. Neither AMD nor Codemasters servers were involved.
We’re working closely with everyone to address the situation. AMD will honor all valid game vouchers, but just a heads up, the current situation may result in a short delay before the vouchers can be redeemed.
Written by: Andre Yoskowitz @ 6 Sep 2011 21:37