Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 08, 2016, 05:54:35 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Steam Servers Hacked  (Read 5569 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,719
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Steam Servers Hacked
« on: November 10, 2011, 05:28:39 PM »
Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,406
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #1 on: November 10, 2011, 05:43:14 PM »
great.  I just changed all of my passwords for the sony thing.  now... again?  even though the forum password isn't my password to steam or any of my other secure passwords... why take the chance.  *sigh*

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,719
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Steam Servers Hacked
« Reply #2 on: November 10, 2011, 05:47:52 PM »
At least the data was encrypted.

Quote
We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

Obviously this doesn't mean that everything is safe, but it also doesn't mean that everything is unsafe.

I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.

Also, I don't store any credit card details with Steam, so no concern for me there, either.


rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,880
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #3 on: November 10, 2011, 05:55:16 PM »
Not a gamer so have no idea how they function....Steam themselves shouldn't be storing credit card numbers, encrypted or otherwise

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,719
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Steam Servers Hacked
« Reply #4 on: November 10, 2011, 05:56:56 PM »
Steam themselves shouldn't be storing credit card numbers, encrypted or otherwise

:huh:

They're an online store, and lots of online stores remember payment details to make it easier for you to buy stuff from them.


rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,880
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #5 on: November 10, 2011, 06:25:31 PM »
That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Steam Servers Hacked
« Reply #6 on: November 10, 2011, 07:38:01 PM »
Steam themselves shouldn't be storing credit card numbers, encrypted or otherwise

:huh:

They're an online store, and lots of online stores remember payment details to make it easier for you to buy stuff from them.

Lots of people smoke crack. Doesn't mean it's a good idea. :P ;D
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,406
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #7 on: November 10, 2011, 08:34:22 PM »
That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.

And Paypal stores credit card numbers...?

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,406
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #8 on: November 10, 2011, 08:35:05 PM »
I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.

Yeah... I just can't bring myself to manage that many passwords.

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,880
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #9 on: November 10, 2011, 08:58:52 PM »
That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.

And Paypal stores credit card numbers...?

Their defenses go beyond encryption on a web facing server and a SSL certificate, this is a case of going with better security infrastructure.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,406
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #10 on: November 10, 2011, 09:36:29 PM »
That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.

And Paypal stores credit card numbers...?

Their defenses go beyond encryption on a web facing server and a SSL certificate, this is a case of going with better security infrastructure.

But anyone can be hacked.  And paypal has a less than sterling reputation of taking your money themselves in cases.  My point is, everything is relative, and if you're going to do business on the net, you take some risk no matter what you do.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,719
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Steam Servers Hacked
« Reply #11 on: November 10, 2011, 11:58:08 PM »
I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.

Yeah... I just can't bring myself to manage that many passwords.

Me neither. That's why I use a password manager.


Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Steam Servers Hacked
« Reply #12 on: November 11, 2011, 03:30:39 AM »
Utter... complete... incompetence...  :-\

Steam are so utterly and completely incompetent... It astounds me.

I've ranted before about their incompetence before, but this takes the cake...

And yes - I got a "Your password was changed" email from them. I don't use anything from Steam, well, because they're incompetent and I can't. I've tried. Multiple times.

I suppose I should be thankful for that.

I wasn't impressed at having to create a support account to have my Steam account password reset. Sheesh. Wonder how long it is before their support servers get hacked...  :-\
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,406
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #13 on: November 11, 2011, 06:38:33 AM »
I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.

Yeah... I just can't bring myself to manage that many passwords.

Me neither. That's why I use a password manager.

I do too.  I still can't bring myself to manage that many passwords.  :-[  Especially since each must be entered into the appropriate game program each time in the case of MMOs- and I play a lot of them.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #14 on: November 11, 2011, 07:56:09 AM »
I got tired enough of all the reported hacking of commerce sites that I opened up a separate no-fee checking account and got one of those MasterMoney debit cards to go with it. It's a special purpose account that is only used for online purchases. Most times it has a $10 balance. Anytime I want to buy something, I just transfer sufficient funds over to it from our regular account and use the MasterMoney card to make the purchase. No matter who gets hacked, or how badly, my maximum exposure is limited to what's usually in the account. Which is $10. So an NSF/overdraft notice would immediately alert me somebody's playing games.

And unlike announcements about hacked customer accounts, overdraft notices are ALWAYS sent out very promptly. No need to wait for a bank or website to 'fess up.

And because it's not a charge card, I can't run up a some huge high-interest balance I'll need to figure out how to pay for.  Automatic fiscal responsibility right there! Love it.
 8)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 8,406
  • "In my dreams, I always do it right."
    • View Profile
    • Donate to Member
Re: Steam Servers Hacked
« Reply #15 on: November 11, 2011, 09:20:01 AM »
I got tired enough of all the reported hacking of commerce sites that I opened up a separate no-fee checking account and got one of those MasterMoney debit cards to go with it. It's a special purpose account that is only used for online purchases. Most times it has a $10 balance. Anytime I want to buy something, I just transfer sufficient funds over to it from our regular account and use the MasterMoney card to make the purchase. No matter who gets hacked, or how badly, my maximum exposure is limited to what's usually in the account. Which is $10. So an NSF/overdraft notice would immediately alert me somebody's playing games.

And unlike announcements about hacked customer accounts, overdraft notices are ALWAYS sent out very promptly. No need to wait for a bank or website to 'fess up.

And because it's not a charge card, I can't run up a some huge high-interest balance I'll need to figure out how to pay for.  Automatic fiscal responsibility right there! Love it.
 8)


Even better.  Prepaid/Greendot card.  And the steam wallet facilitates this also.  Not just for hacking- but for budgeting, and cutting down on impulse purchases. :)