Steam Forum and Steam hacked

[7upMan]

Folks, Valve confirms that the Steam forums and Steam itself have been compromised. The message is displayed when you log into Steam. In my case, Steam starts along with Windows, and the message was displayed only after closing and re-opening Steam.

[jaxa]

I would add that they believe no credit card info or passwords were compromised. I thought I read conflicting statements on the info leaked so I would recheck the latest PR.

 

I heard talk that emails were compromised, and that some got a scam email from the hackers advertising "steam hack programs" or something.

 

Dear Steam Users and Steam Forum Users:

 

 

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

 

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

 

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

 

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

 

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

 

We will reopen the forums as soon as we can.

 

I am truly sorry this happened, and I apologize for the inconvenience.

 

Gabe.

Edited November 11, 2011 by jaxa

[Bikerdude]

Ha! anything that shows just how fragile digital disto crap like steam is the better.

 

That fat fcuk Newell is only sorry he got caught with his pants down.

[Sotha]

Shame really. Steam has worked so well for me thus far. I usually buy all my games from steam due to the convenience and possibility to make very good deals.

 

Many similar systems were hacked recently, so I suppose it was a matter of time before steam became a target.

 

Well, I changed my password just to be sure.

 

I wonder.. Those credit card databases. Do they store all the card information that have ever been used to make any steam purchases, or is such data purged after purchase transactions have been completed. Not persistently storing such information would feel prudent to me.

 

On a side note, I am also a bit amazed and disappointed by biker's uninhibited epicaricacy.

[7upMan]

BD, it mainly shows that it's never a good thing to store your credit card information somewhere online. Granted, it is a nuisance to take the cc out, select the vendor and type in the number and security code, but I'm really glad I force myself to do it every time. This way, my cc is hopefully not compromised.

 

EDIT: typo

Edited November 11, 2011 by 7upMan

[Serpentine]

I'm still amazed that people don't expect this to happen ;/

 

If it's on an accessible network, it's going to be accessed by something which isn't meant to have access sooner or later. Don't be dumb and don't assume anything is private and you'll be just fine - until someone jackpots some large financial institutions anyway.

[Bikerdude]

On a side note, I am also a bit amazed and disappointed by biker's uninhibited epicaricacy.

 

@Sotha, I don't derive pleasure from the miss-fortune of others, but when its someone or an entity who have been shown time and time again to only think of 'customers' as walking wallets - then I have zero sympathy. I have had first hand experience of the attitude of Valve employees, which is why I will never again as long as there is a hole my arse buy a game on steam.

 

But back to SR, In this instance I will buy a copy but never open it, as the Bethesda should be paid for thier work. but I will download a torrent copy as well so I don't have to have anything to do with steam.

 

And echoing what 7up & Serps said, companies have proved time and time again that they cant be trusted with your private details. So much so that when I buy anything on-line its with a credit rather than debit card and said card has a low limit, should the card be compromised I covered by Visa's own charter etc.

[Sotha]

until someone jackpots some large financial institutions anyway.

 

Or goverment files. Or electronic health care patient records. There is plenty of things to be hacked and if it is bound to happen sooner or later, we are screwed.

These hackings seem to become more frequent: just recently 16k finns got their personal information (name, address, e-mail, phone number and social security number) leaked into the web.

 

If no electronic fortress is impenetrable, then the consequences of this type of crime should be more severe. And preventing such crime will give the policy makers motivations to try and control&repress the internet. And everyone know how effective and fun that might be.

 

@BD

Thanks for your time for the clarification. It is understandable to be displeased in a service if you feel it was inadequate. Somehow I just got an incorrect impression of you reveling about this act of electronic crime.

[Bikerdude]

@BD Thanks for your time for the clarification. It is understandable to be displeased in a service if you feel it was inadequate. Somehow I just got an incorrect impression of you reveling about this act of electronic crime.

 

And if you add to that, the fact the valve makes money hand over first bringing half length or bug ridden game's to market, my lack of sympathy turns in to disgust. And if I'm brutally honest my dislike of valve started when I first discovered Valve had the cheek to state I was unable to sell on my copy of halflife2 due to their arse about face (and in my view illegal) EULA with regard to PC users. So in short I will not hand over my hard earned cash for the pleasure of being discriminated against (console users don't have the same level of bullshit to attend with.)

 

So for future reference, don't be surprised at my comment's when steam/vale are mentioned.

[7upMan]

BD, if I may add, the highest German court Bundesgerichtshof ruled that while it may be normally illegal of Valve to prohibit re-selling their account-bound games, the fact that you can d/l the game onto any computer without any limitation balances the negative sides. Since I bought Metro 2033 for 2.5 Euros on Steam, I cannot agree more. Of course you have to look for bargain offers, and since I never spent more than 10 EUR for a game, my loss in that case is too small to be annoyed by that artificial limitation.

[lost_soul]

I do somewhat agree with BikerDude. This is because as a computer gamer, Steam is virtually forced on me these days. There are more and more games which (legally) are unplayable unless we become part of the system... and more and more games will only start requiring Steam. This is the primary reason I don't buy computer games anymore.

 

I spend more of my free time these days doing free computer repair jobs for people instead. It is more challenging and fun than most of the mainstream games coming out anyway.

 

But back to SR, In this instance I will buy a copy but never open it, as the Bethesda should be paid for thier work. ...

 

But I really don't understand why so many gamers feel obligated to support companies who don't treat you in the manor you expect. Hypothetical Analogy: If you hired me to come fix your new computer and I install Windows 95, would you still pay me even though you obviously didn't want W95? I didn't provide the service you originally wanted, therefor I don't deserve payment. I can't suggest doing what you mentioned later in your post, but I recommend buying a console and getting all of the games used.

Edited November 11, 2011 by lost_soul

[Bikerdude]

Valve confirms user data was stolen in Steam hacking

 

-http://www.techspot.com/news/46224-valve-confirms-user-data-was-stolen-in-steam-hacking.html

[Sotha]

Yeah, that was already admitted in the OP quote.

 

At least they are open about it.

[stumpy]

hackers already have my email address the amount of scam email I get from china is huge, my credit card ran out 4 weeks ago and I haven't renewed it yet, so any credit card detail of mine they have wont work.

[deadite4]

It is believed Valve followed proper protocol and used hash and salts on all the encrypted information.

 

So long as they did everything lawfully as a credit card vendor(there are very strict rules and regulations for this) then any of stolen CC info is pretty much useless to the person who took it.

 

The only useful information taken is usernames (no usable passwords), attributed email addresses, which games are attributed to your account, and maybe billing information? The first 3 of the 4 things I just listed is pretty much public domain anyway. The only real potential problem is how much billing information was available.