
Security Breach at Steam

#1 Posted: 2011.11.11 04:11
I got this after playing Homefront tonight:


"November 10th, 2011
Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe."

I would highly recommend changing your passwords and credit card information.
BLOOD UNION
#2 Posted: 2011.11.11 04:35
Not cool bro...
#3 Posted: 2011.11.11 05:37
Yup, not liking this, changed my password already, going to call the bank tomorrow.

It will be months before they start using credit card numbers, or sell them, so you have a little time, but it will be pretty bad I think since there are so many people that have bought stuff off steam, CoD crowd and BF3 crowd in particular. Even if the stuff is encrypted, doesn't mean they can't crack it.
Caldari State
#4 Posted: 2011.11.11 05:59
It would have been nice if they told us who may have been affected, although I have not yet gotten that e-mail.
Gallente Federation
#5 Posted: 2011.11.11 06:36
Zions Child wrote:
It would have been nice if they told us who may have been affected, although I have not yet gotten that e-mail.


They likely do not know yet. At least, this is presuming that they are telling us as soon as they discovered the incident.
#6 Posted: 2011.11.11 07:26
Zions Child wrote:
It would have been nice if they told us who may have been affected, although I have not yet gotten that e-mail.

The message also appears when you want to access their forums.
Good thing that I always paid via PayPal.
Cynosural Field Theory.
#7 Posted: 2011.11.11 07:26
Just saw it, just changed my details. Honestly the straw that breaks the camel's back at this point, it was getting old dealing with having the client manifest itself as a resource hogging store front to even use the software you buy while they pocket huge dividends. Guess they didn't spend much of that on actually keeping stuff locked down just like Sony.

Going to avoid using steam like the plague now.
The advantage of a bad memory is that one can enjoy the same good things for the first time several times.

One will rarely err if extreme actions be ascribed to vanity, ordinary actions to habit, and mean actions to fear.
Minmatar Republic
#8 Posted: 2011.11.11 07:45
XIRUSPHERE wrote:
Just saw it, just changed my details. Honestly the straw that breaks the camel's back at this point, it was getting old dealing with having the client manifest itself as a resource hogging store front to even use the software you buy while they pocket huge dividends. Guess they didn't spend much of that on actually keeping stuff locked down just like Sony.

Going to avoid using steam like the plague now.


Except that they actually encrypted passwords, unlike Sony. This is to be expected with commerce rapidly expanding into cyberspace, and will become more commonplace in the coming years.

Enjoy not being able to play new games anymore since pretty much everything goes through steam now.
#9 Posted: 2011.11.11 11:01
Shivus Tao wrote:
XIRUSPHERE wrote:
Just saw it, just changed my details. Honestly the straw that breaks the camel's back at this point, it was getting old dealing with having the client manifest itself as a resource hogging store front to even use the software you buy while they pocket huge dividends. Guess they didn't spend much of that on actually keeping stuff locked down just like Sony.

Going to avoid using steam like the plague now.


Except that they actually encrypted passwords, unlike Sony. This is to be expected with commerce rapidly expanding into cyberspace, and will become more commonplace in the coming years.

Enjoy not being able to play new games anymore since pretty much everything goes through steam now.


Encrypted and salted. Makes a world of difference adding a salt to it. Hopefully they used a two part salt, one purely in the applications, and one in the db, but even just a db based one helps.
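The "two part salt" idea in post #9, sketched as an added example that is not part of the thread and not Valve's code: a random per-user salt stored in the database row, plus an application-side secret (commonly called a pepper) that never touches the database. The function names, the pepper value and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed application-side secret ("pepper"). It would live in application
# configuration or a secrets manager, never in the database. Hypothetical value.
PEPPER = b"constructed-example-pepper-not-a-real-secret"
ITERATIONS = 600_000  # example PBKDF2 work factor chosen for this sketch


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Part 1 (application only): key the password with the pepper via HMAC.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Part 2 (database): slow, salted key derivation over the keyed value.
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)


def hash_password(password: str, pepper: bytes = PEPPER) -> dict:
    """Return the record that would be written to the user's database row."""
    salt = os.urandom(16)  # fresh random salt per user, stored beside the hash
    return {"salt": salt.hex(), "hash": _derive(password, salt, pepper).hex()}


def verify_password(password: str, record: dict, pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = _derive(password, salt, pepper).hex()
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    # The per-user salt makes the stored hashes differ, so one precomputed
    # table or one cracked hash does not reveal every user with that password.
    print("same stored hash:", alice["hash"] == bob["hash"])
    print("login ok:", verify_password("correct horse", alice))
    # A copy of the database row alone is not enough to test guesses:
    # without the application-side pepper even the right password fails.
    print("right password, no pepper:",
          verify_password("correct horse", alice, pepper=b"unknown"))
```

The pepper only helps when the database is taken without the application's configuration; if both are taken, protection falls back to the salt and the work factor.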
#10 Posted: 2011.11.11 11:56
Thanks for the heads-up. I don't visit Steam as often as I used to, and don't even have it installed on the new HDD right now (out of laziness - and lack of time - not protest).

I need to have my cards converted to the new bank anyway, or switch to PayPal.

Ambassador from Uru.  (Search this term to find my site)

Currently Retired / Un-Subscribed.  Have Fun y'all.
#11 Posted: 2011.11.11 12:12
Thanks for the heads up Barakkus.

This is why I never ever press the "save pw or credit card information" and use different pw's for everything.
Who would have known being paranoid finally paid off.
#12 Posted: 2011.11.11 13:08
35 million subscribers I guess
http://www.databreaches.net/?p=21478

Who knows how many now that they are selling MW3 and BF3. I would venture a guess at half the EVE community if not more bought BF3.
#13 Posted: 2011.11.11 14:25
And this is why forcing people to use steam is bad, Bethesda.
#14 Posted: 2011.11.11 14:44  |  Edited by: Kengutsi Akira
Would be nice if Steam did like everyone else does when that happens and offers a couple months of free identity theft insurance protection cause they were liable for using ****** security

Abrazzar wrote:
And this is why forcing people to use steam is bad, Bethesda.


and Paradox, and Kerberos and hundreds of others
"Is it fair that CCP can get away with..."
:: checks ownership on the box ::

Yes
Caldari State
#15 Posted: 2011.11.11 14:55
PayPal FTW.... Until they get hacked....
#16 Posted: 2011.11.11 15:00
Abrazzar wrote:
And this is why forcing people to use steam is bad, Bethesda.


Yeah, I don't really like having to use steam, I don't like the fact that I have to have an internet connection to play games that don't require one for single player. I also don't like the idea if they ever go out of business, I will more than likely lose access to all the games I've purchased through them.
#17 Posted: 2011.11.11 15:03
I predict a number of account compromises for EVE since a number of people got EVE through Steam.
#18 Posted: 2011.11.11 15:06
Guess it's time to start using one time credit card numbers for purchases.

#19 Posted: 2011.11.11 15:09
BrundleMeth wrote:
PayPal FTW.... Until they get hacked....


They have been hacked in the past.
Caldari State
#20 Posted: 2011.11.11 15:19  |  Edited by: Enik3
Gabe Newell has indicated that AES256 encryption was used on sensitive information, so there's very little to worry about if that's true.

I have far more faith in the security layers at a premier e-commerce company like Steam than I do in, say, ANY government agency. I'm pretty sure the average person's personal data is much more exposed in other places.