Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

51. Re: Feb 12, 2012, 20:09 Flatline
Mashiki Amiketo wrote on Feb 11, 2012, 07:08:
Flatline wrote on Feb 11, 2012, 03:23:
Dude, this breach happened THREE YEARS AGO and they just "found out about it" in the recent past. Which is, to put it mildly, a cock-up of epic proportions.
Wait did someone mention that you missed the part where this was already stored data, and it wasn't "three years ago" but rather from the same breech. Sometimes I think this is why it would be better if they simply didn't report things like this. People see earlier dates, jump on their asses, flail about, scream, that the sky is falling. When in fact, they've simply missed read it.

What you're saying and what the email from valve said are totally different. So let me post the full email:

If you have accessed your Steam account since November 10, 2011 you know that we had a network intrusion. We learned about this intrusion when the Steam forums were defaced on November 6. Since then our investigation of this intrusion has continued with the help of outside security experts. We now have additional information we would like to share with you. We are providing this information to you in this formal way because it might be required by your state's law.

We've recently learned that it is probable that in 2009 the intruders obtained a copy of a database with information about Steam transactions between 2004 and 2008. This database contained user names, email addresses, encrypted billing addresses and encrypted credit card information. We do not have any evidence that the encryption on credit card numbers and billing addresses has been compromised. We are still investigating and working with the Seattle FBI office.

We don't have evidence of credit card misuse. Nonetheless, you should watch your credit card activity and statements closely.

Now. I bolded my original quote. There are two intrusions mentioned in this email. One in 2011, one in 2009.

They announced that they *just* determined that in 2009 the salted hashes and other data was stolen. This is in addition to anything they discovered from the 2011 attack or the original "investigation" of the 2009 attack (if they even investigated it).

My criticism is that it took 3 years for them to determine the real damage of the 2009 intrusion. And apparently they only realized this because of the 2011 intrusion. That's pretty sloppy work. I have to ask what else have they missed?
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.


Blue's News logo