I have to laugh at a paragraph in that cnet link above that says:
"We have to applaud Valve's response to the situation -- issuing what appears to be a frank account of what happened, as well as an apology, goes a long way to mending broken hearts."
What response is that then? I received no email suggesting I change my password etc. or informing me of the potential risk to my info/account.
When I logged on to Steam after reading this thread (+rep for stegor), there was no mention of the hacking, just the same old screen trying to sell me some more stuff.
So I for one will not be "applauding Valve's response".
if they do however get hacked, they let people know and they learn from those flaws. Something both Sony and Steam have done / will be doing continually.
Where and who did they notify, Frenchy? I would have thought an email would have been sent at least. Even if Steam are happy that no important info was stolen, I would still like to be notified, so I have the option to change password etc.
You obviously jumped to conclusions then, because it wasn't Steam itself that was hacked, it was the Steam forums. Different set of data. If you had a forum account and you logged into the forum you would notice that it informs you of the security breach and asks you to change your password. It also informs you that if your details are the same for the main Steam program then it might be advisable to change that password too.
Please actually read before posting next time.
I read the OP and then read the cnet link. I didn't know that the forum was separate to the main Steam account as far as hacking was concerned, so sorry if I misunderstood that. I'm fairly new to Steam.
I think your comment "Please actually read before posting next time" was a bit harsh.
Tbh I don't think it was that harsh, sorry if it sounded overly harsh. However, this statement just above the line about applauding Steam for their response is as follows:
"Gaming services are still working, but the Steam forums have been shut down for now. Anyone using the Steam forums will have to change their password next time they log in, and customers have been advised to change their passwords on other accounts, if those accounts use the same password."
It does say that anyone logging onto the forum will be asked to change their passwords, which is the warning you were asking for. If Steam accounts had been affected as well as forum accounts they would have done the same for the Steam program.
Again, sorry if it came across overly harsh.
Firstly, it was the forums and not Steam itself that were hacked.
Secondly, I don't think the OP really understands the subject area well enough to make that sort of statement. I'm no expert on security, in fact I know very little about ways in which to hack things like this. All I do know is that it's extremely complex, but no matter what encryption is there, people will work to break it. If a kid can hack the US Defence network then I'm pretty sure Steam / Sony are easy targets in comparison.
The main issue is whether the data itself is well encrypted. This is the encryption you really have to worry about, and not whether the server itself got hacked. More than anything, servers being hacked cause inconvenience; encryption of data being hacked is the problem. Now card data was fully encrypted on their database so it is near impossible for anyone to decrypt it; even via brute force it would take many many years. This is perfectly acceptable encryption.
For me the best thing a company can do is protect it as well as it feels necessary. If they do however get hacked, they let people know and they learn from those flaws. Something both Sony and Steam have done / will be doing continually.
I disagree with the above and one or two other mis-statements on here...
The forums were hacked and defaced, but the main Steam database was ALSO hacked. Part of the official statement is as follows....
"Intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."
Whether the encrypted information can be unencrypted or not (and contrary to Frenchy's statement above, I understand encryption and its resistance to brute force attacks perfectly well) is irrelevant to me. Yes, a lot of the unencrypted information could be gleaned from other areas such as banks, utility companies etc, but they have a requirement to keep this information safe under the Data Protection Act and what's more, the amount of information that the hackers gained all at once would save them a lot of time piecing together bits of information about me if they wanted to, for example, steal my identity.
I for one am not taking this lightly, otherwise companies such as Steam will also take it lightly.