Author Topic: Steam Servers Hacked (Read 11447 times)

Deozaan · « **on:** November 10, 2011, 05:28 PM »

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
-http://forums.steampowered.com/forums/

wraith808 · « **Reply #1 on:** November 10, 2011, 05:43 PM »

great. I just changed all of my passwords for the sony thing. now... again? even though the forum password isn't my password to steam or any of my other secure passwords... why take the chance. *sigh*

Deozaan · « **Reply #2 on:** November 10, 2011, 05:47 PM »

At least the data was encrypted.

We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

Obviously this doesn't mean that everything is safe, but it also doesn't mean that everything is unsafe.

I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.

Also, I don't store any credit card details with Steam, so no concern for me there, either.

rgdot · « **Reply #3 on:** November 10, 2011, 05:55 PM »

Not a gamer so have no idea how they function....Steam themselves shouldn't be storing credit card numbers, encrypted or otherwise

Deozaan · « **Reply #4 on:** November 10, 2011, 05:56 PM »

Steam themselves shouldn't be storing credit card numbers, encrypted or otherwise
-rgdot (November 10, 2011, 05:55 PM)

They're an online store, and lots of online stores remember payment details to make it easier for you to buy stuff from them.

rgdot · « **Reply #5 on:** November 10, 2011, 06:25 PM »

That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.

Renegade · « **Reply #6 on:** November 10, 2011, 07:38 PM »

Steam themselves shouldn't be storing credit card numbers, encrypted or otherwise
-rgdot (November 10, 2011, 05:55 PM)

They're an online store, and lots of online stores remember payment details to make it easier for you to buy stuff from them.
-Deozaan (November 10, 2011, 05:56 PM)

Lots of people smoke crack. Doesn't mean it's a good idea.

wraith808 · « **Reply #7 on:** November 10, 2011, 08:34 PM »

That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.
-rgdot (November 10, 2011, 06:25 PM)

And Paypal stores credit card numbers...?

wraith808 · « **Reply #8 on:** November 10, 2011, 08:35 PM »

I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.
-Deozaan (November 10, 2011, 05:47 PM)

Yeah... I just can't bring myself to manage that many passwords.

rgdot · « **Reply #9 on:** November 10, 2011, 08:58 PM »

That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.
-rgdot (November 10, 2011, 06:25 PM)

And Paypal stores credit card numbers...?
-wraith808 (November 10, 2011, 08:34 PM)

Their defenses go beyond encryption on a web facing server and a SSL certificate, this is a case of going with better security infrastructure.

wraith808 · « **Reply #10 on:** November 10, 2011, 09:36 PM »

That's 90% of reason all use third party providers like paypal or gateways (http://en.wikipedia....wiki/Payment_gateway) which 'send' info when needed. Storing credit card numbers on your own servers is asking for trouble.
-rgdot (November 10, 2011, 06:25 PM)

And Paypal stores credit card numbers...?
-wraith808 (November 10, 2011, 08:34 PM)

Their defenses go beyond encryption on a web facing server and a SSL certificate, this is a case of going with better security infrastructure.
-rgdot (November 10, 2011, 08:58 PM)

But anyone can be hacked. And paypal has a less than sterling reputation of taking your money themselves in cases. My point is, everything is relative, and if you're going to do business on the net, you take some risk no matter what you do.

Deozaan · « **Reply #11 on:** November 10, 2011, 11:58 PM »

I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.
-Deozaan (November 10, 2011, 05:47 PM)

Yeah... I just can't bring myself to manage that many passwords.
-wraith808 (November 10, 2011, 08:35 PM)

Me neither. That's why I use a password manager.

Renegade · « **Reply #12 on:** November 11, 2011, 03:30 AM »

Utter... complete... incompetence... $:-\$

Steam are so utterly and completely incompetent... It astounds me.

I've ranted before about their incompetence before, but this takes the cake...

And yes - I got a "Your password was changed" email from them. I don't use anything from Steam, well, because they're incompetent and I can't. I've tried. Multiple times.

I suppose I should be thankful for that.

I wasn't impressed at having to create a support account to have my Steam account password reset. Sheesh. Wonder how long it is before their support servers get hacked... $:-\$

wraith808 · « **Reply #13 on:** November 11, 2011, 06:38 AM »

I changed all my passwords to unique passwords after the Gawker fiasco, so I'm not too concerned about the damage done here. Just gotta change my Steam password and the forum password once the forums are back up.
-Deozaan (November 10, 2011, 05:47 PM)

Yeah... I just can't bring myself to manage that many passwords.
-wraith808 (November 10, 2011, 08:35 PM)

Me neither. That's why I use a password manager.
-Deozaan (November 10, 2011, 11:58 PM)

I do too. I still can't bring myself to manage that many passwords.

Especially since each must be entered into the appropriate game program each time in the case of MMOs- and I play a lot of them.

40hz · « **Reply #14 on:** November 11, 2011, 07:56 AM »

I got tired enough of all the reported hacking of commerce sites that I opened up a separate no-fee checking account and got one of those MasterMoney debit cards to go with it. It's a special purpose account that is only used for online purchases. Most times it has a $10 balance. Anytime I want to buy something, I just transfer sufficient funds over to it from our regular account and use the MasterMoney card to make the purchase. No matter who gets hacked, or how badly, my maximum exposure is limited to what's usually in the account. Which is $10. So an NSF/overdraft notice would immediately alert me somebody's playing games.

And unlike announcements about hacked customer accounts, overdraft notices are ALWAYS sent out very promptly. No need to wait for a bank or website to 'fess up.

And because it's not a charge card, I can't run up a some huge high-interest balance I'll need to figure out how to pay for. Automatic fiscal responsibility right there! Love it.

wraith808 · « **Reply #15 on:** November 11, 2011, 09:20 AM »

I got tired enough of all the reported hacking of commerce sites that I opened up a separate no-fee checking account and got one of those MasterMoney debit cards to go with it. It's a special purpose account that is only used for online purchases. Most times it has a $10 balance. Anytime I want to buy something, I just transfer sufficient funds over to it from our regular account and use the MasterMoney card to make the purchase. No matter who gets hacked, or how badly, my maximum exposure is limited to what's usually in the account. Which is $10. So an NSF/overdraft notice would immediately alert me somebody's playing games.

And unlike announcements about hacked customer accounts, overdraft notices are ALWAYS sent out very promptly. No need to wait for a bank or website to 'fess up.

And because it's not a charge card, I can't run up a some huge high-interest balance I'll need to figure out how to pay for. Automatic fiscal responsibility right there! Love it.

-40hz (November 11, 2011, 07:56 AM)

Even better. Prepaid/Greendot card. And the steam wallet facilitates this also. Not just for hacking- but for budgeting, and cutting down on impulse purchases.

Author Topic: Steam Servers Hacked (Read 11447 times)

Deozaan

Steam Servers Hacked

wraith808

Re: Steam Servers Hacked

Deozaan

Re: Steam Servers Hacked

rgdot

Re: Steam Servers Hacked

Deozaan

Re: Steam Servers Hacked

rgdot

Re: Steam Servers Hacked

Renegade

Re: Steam Servers Hacked

wraith808

Re: Steam Servers Hacked

wraith808

Re: Steam Servers Hacked

rgdot

Re: Steam Servers Hacked

wraith808

Re: Steam Servers Hacked

Deozaan

Re: Steam Servers Hacked

Renegade

Re: Steam Servers Hacked

wraith808

Re: Steam Servers Hacked

40hz

Re: Steam Servers Hacked

wraith808

Re: Steam Servers Hacked