It was first thought that the keys were hosted on the AMD site and servers, since the activation keys in question were associated with free Dirt 3 vouchers that are shipped with a number of AMD products such as graphic cards.
But, as it turns out, the compromised site - located on AMD4u.com - has nothing to do with AMD's website or servers.
If comments on Steam's forums can be used as an indication of how the leak was made possible, it all happened because the site did not contain the .htaccess file - a configuration file that makes it possible to restrict access to the specific directories on a server.
According to Eurogamer, AMD has confirmed the leak and has promised that it would continue to honor all valid game vouchers with a slight delay.
On the other hand, as leaks go, this one is pretty harmless for users, as no personal information was compromised. AMD and its third party fulfillment agency website have learned a good lesson rather cheaply, as the compromised keys can be easily blocked through Steam.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.