Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Steam Forum Downtime Follow-up; Steam Also Breached

Valve confirms indications from earlier this week that the downtime on the Steam Users' Forums was the result of a break-in, revealing that the Steam service itself also suffered an intrusion. Here is a message from Valve's Gabe Newell explaining the situation:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

Post Comment
Enter the details of the comment you'd like to post in the boxes below and click the button at the bottom of the form.

49. Waiting to warn is irresponsible. Nov 10, 2011, 20:45 I've Got The News Blues
 
DrEvil wrote on Nov 10, 2011, 18:36:
Giving details before they could confirm what happened would have been irresponsible.
Absolutely not! The responsible thing to do when you suspect a breach has occured is to alert those customers who may be affected immediately so that they can take precautions. It is much better to err on the side of caution because there is no harm done to the customer for being wrong. Protecting customers first NOT a company's reputation should be the priority.

Four days to properly assess the situation, ensure all systems were secure again, and to determine exactly what caused the damage does not seem unreasonable.
Of course it is unreasonable because first, it gave the crooks a four day headstart to exploit the information they stole. Waiting does nothing to help customers protect themselves in the meantime. Second, it is highly likely that Valve will never fully know the scope of the breakin especially after only four days time. So again waiting doesn't help customers and puts them at further risk. In addition expecting that everything is safe and secure after only four days is absolutely laughable especially when the people making that pronouncement are the same incompetent or irresponsible fools who didn't prevent or stop the breakin in the first place.

These are problems that you can't just throw a huge amount of people at to solve; it takes time.
Sure, it takes time to fix, but NOT to warn. Waiting to warn customers so they can take steps to protect themselves is irresponsible, and it is only done so that a company can keep from looking bad in case it was wrong about a breach.
 
Reply Quote Edit Delete Report
 
Subject
Comment
     
 
      ;)   ;)   :(   :(   :o   :o   %)   %)   :)   :)   :|   :|   ;P   ;P   X|   X|   :D   :D   More
 
Login Email   Password Remember Me
If you have a signature set up, it will be automatically appended to your comment.
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 
          Email me when this topic is updated.
 

Special Codes

  • b[bold text]b
  • i[italic text]i
  • u[underline text]u
  • -[strikethrough text]-
  • c[code text]c
  • +[bullet point]+
  • q[quote text (indented)]q
  • [quote="Author"]quote text (indented)[/quote]
  • [url=Link]text[/url]
  • r{red text}r
  • g{green text}g
  • b{blue text}b
  • m{maroon text}m
  • s{secret text (shows in the background colour)}s

Forum Rules

  1. Disagree all you want but attacks of a personal nature will not be tolerated.
  2. Ethnic slurs and homophobic language will not be tolerated.
  3. Do not post spam, links to warez sites, or instructions on how to obtain pirated software.
  4. Abusing the forums in any manner that could be construed as 'griefing' will not be tolerated.


footer

Blue's News logo