Jump to content

Steam Forums Hacked

Sign in to follow this  

Recommended Posts

I just got this message from STEAM

---------------------------------------

10 November 2011

 

Dear Steam Users and Steam Forum Users:

 

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

 

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

 

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

 

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

 

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

 

We will reopen the forums as soon as we can.

 

I am truly sorry this happened, and I apologize for the inconvenience.

 

Gabe.

I bring you mortal danger and cookies. Not necessarily in that order.

http://www.youtube.com/jclc

Share this post


Link to post

Good thing Valve is King when it comes to taking down the bad guys.

 

Truly enough, look at how they combat piracy: They don't use draconian DRM, they out-compete pirates by offering better service with frequent updates, promotionals, ease of access and such.

This is a nice metric server. No imperial dimensions, please.

Share this post


Link to post

So... Using credit cards for buying games there is... Unsafe?

"Even if something sounds logical, it doesn't mean it have to be true"

Share this post


Link to post
Why are Steam forum accounts tied to Steam accounts in the first place. >:|

 

They're not. :\

 

However the infiltration that occurred went deeper than the forums and potentially compromised other stuff as well. It's all in the message.

Feel free to PM me about almost anything and I'll do my best to answer. :)

 

"Beware of what you ask for, for it may come to pass..."

Share this post


Link to post

But the forums and your Steam account details should have nothing in common, they're held on totally different servers, are protected by different types of security and have separate login details. If there was another infiltration it would have been totally different to the forum one.

Share this post


Link to post
How would you buy something with a forum account :|

 

I just asking :?

"Even if something sounds logical, it doesn't mean it have to be true"

Share this post


Link to post
But the forums and your Steam account details should have nothing in common, they're held on totally different servers, are protected by different types of security and have separate login details. If there was another infiltration it would have been totally different to the forum one.

 

On the forum I believe it was an administrator account (a Valve developer or so I heard) that was compromised. If the PC of that admin was compromised then there is a distinct possibility they may have had access to other information. Who knows. We have no idea how Valve have their network set up. Forum accounts and Steam accounts are entirely separate, but that doesn't mean their servers are not, say, in the same building. Perhaps Valve will release more information on what they know in the near future.

Feel free to PM me about almost anything and I'll do my best to answer. :)

 

"Beware of what you ask for, for it may come to pass..."

Share this post


Link to post

As Sinister said, the intrusion originated on the Forums, but the attackers got past that and "obtained access to a Steam database" that "contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information". So, they reached that system, but Valve says they "do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked"

 

So... Using credit cards for buying games there is... Unsafe?

There is always a degree of risk involved in every transaction, not just on STEAM, but on every online and face-to-face transaction. That's why your credit card should have hard limits that let you use them normally but would not destroy your finances, should they become compromised.

 

In answer to your question, it depends. Valve says that the credit card information was encrypted. If the information was indeed taken (which we don't know at this point), the important point is how well implemented the encryption is. I hope they did it right.

 

Finally, they said they "don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely", which is good advice. I check mine at least once a day, as a habit. Nothing weird so far.

I bring you mortal danger and cookies. Not necessarily in that order.

http://www.youtube.com/jclc

Share this post


Link to post

Well luckily I don't have a credit card(at least I don't think what I have can be considered a credit card, since all the money you can spend is what I put on it).

¯\_(ツ)_/¯

Share this post


Link to post

So i can get my Steam account screwed up because of the lack of responsability with security protocols by someone at some Forum i dont even use?

 

Just hope nothing bad happens, otherwise someone will get burned

 

620147.png

Edited by Guest (see edit history)

The future of gaming lies in realistic simulations of extraordinary realities

 

"I am drunk, you dont have an excuse"

Share this post


Link to post

Well no, your forum account and steam account are separate. If you happen to do something silly and use the same password its really your own fault.

¯\_(ツ)_/¯

Share this post


Link to post
Well no, your forum account and steam account are separate. If you happen to do something silly and use the same password its really your own fault.

I dont have a forum account

From what i understood is that the forums were attacked and that gave access to a steam database, unless both are at the same place, the only way i can think that would work is that a steam developer forum account was hacked and they used the forum account password to access the steam account of the developer. Thats were the security fail would be.

The future of gaming lies in realistic simulations of extraordinary realities

 

"I am drunk, you dont have an excuse"

Share this post


Link to post

And thats why if someone made such mistake, someone will get burned

The future of gaming lies in realistic simulations of extraordinary realities

 

"I am drunk, you dont have an excuse"

Share this post


Link to post

I just got this message.

 

----

 

10 February 2012

Dear Steam Users and Steam Forum Users:

 

We continue our investigation of last year’s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

 

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

 

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

 

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

 

Gabe

 

-----

 

I've been monitoring my credit card. Nothing weird so far.

I bring you mortal danger and cookies. Not necessarily in that order.

http://www.youtube.com/jclc

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in the community.

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


×
×
  • Create New...

This website uses cookies, as do most websites since the 90s. By using this site, you consent to cookies. We have to say this or we get in trouble. Learn more.