Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Steam Forums Hacked?

The Steam Users' Forums currently offer the following message: "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This may be just normal maintenance, but we have also seen an image suggesting they were compromised in some manner, and for a while were directing users to a site offering ways to cheat at games, so this may be what Valve is in the process of cleaning up. We'll pass on posting the screenshot to avoid advertising the site, and are waiting to see if Valve has a response to our questions about this (it's still early on the west coast). Thanks Joao.

View
47 Replies. 3 pages. Viewing page 1.
< Newer [ 1 2 3 ] Older >

47. Re: Steam Forums Hacked? Nov 12, 2011, 11:22 ^Drag0n^
 
Unacceptable.

Just sayin'

This comment was edited on Nov 12, 2011, 11:34.
 
Avatar 55075
 
"Never start a fight, but always finish it."
Reply Quote Edit Delete Report
 
46. Re: Steam Forums Hacked? Nov 8, 2011, 16:08 avianflu
 
Oblivion had a disk check but you could copy the source disk with no effort and a standard burn and the disk check would still work so not really DRM.....

Creston wrote on Nov 7, 2011, 12:32:
avianflu wrote on Nov 7, 2011, 12:24:
it isnt clear what DRM skyrim uses -- does anyone know for sure? I ask because the Amazon listing shows nothing about requiring Steam and I'd much prefer a game not tied to logins, etc.

Oblivion was 100% DRM free -- ah those were the days.

Skyrim requires Steamworks.

Oblivion had a simple disc check.

Creston
 
Reply Quote Edit Delete Report
 
45. Re: Steam Forums Hacked? Nov 8, 2011, 04:34 Dev
 
saluk wrote on Nov 8, 2011, 02:42:
Eh, this individual one doesn't really bother me, but it sure is annoying seeing these "your account may have been hacked" notices SO OFTEN lately. Steam, EA, Sony, it's getting fricken stupid. I'm not sure if it's that crackers have just gotten smart enough, or if all these big companies just got really lax about security, but I'm tired of it and I want it to stop. Before I like, abandon the internet or something.

Companies (big and small) ARE really lax about security. See here's the thing. Security is something that companies DON'T think about until they get hacked (just like backing up is something people don't think about until they lose everything, like the zomboid project). And in these economic times, positions that don't appear to contribute to the bottom line are the first to go, such as... security.

Plus the bigger companies have insurance, and as long as they do the minimum security required by the insurance, if something bad happens, they will get reimbursed anyway (remember how Sony's insurance sued to try and not reimburse sony over the PS3 hack?). Sure they will get some bad press, but a lot of times that blows over and the company doesn't care too much about that part of it.

I mean how many people still remember the 50 MILLION credit card numbers stolen from that credit card processing that violated Visa/mastercard rules, and did TJ Max, Marshals, etc. They had hackers running around for a year or two inside their servers stealing credit card numbers (the CC numbers wouldn't even have been there to take if they properly followed the security rules).

At least in the USA, we now have some state notification laws about it, previously when a company got hacked and things like social security numbers got stolen, many didn't even tell about it.

This comment was edited on Nov 8, 2011, 04:41.
 
Reply Quote Edit Delete Report
 
44. Re: Steam Forums Hacked? Nov 8, 2011, 03:24 .Drifter
 
Never got an email myself, so maybe they didn't get to all the steam forum accounts.
Also didn't notice the store page down either, but then again I haven't been online constantly all day either.
 
Reply Quote Edit Delete Report
 
43. Re: Steam Forums Hacked? Nov 8, 2011, 02:42 saluk
 
Eh, this individual one doesn't really bother me, but it sure is annoying seeing these "your account may have been hacked" notices SO OFTEN lately. Steam, EA, Sony, it's getting fricken stupid. I'm not sure if it's that crackers have just gotten smart enough, or if all these big companies just got really lax about security, but I'm tired of it and I want it to stop. Before I like, abandon the internet or something.  
Reply Quote Edit Delete Report
 
42. Re: Steam Forums Hacked? Nov 8, 2011, 02:00 Beelzebud
 
So does it bother anyone else that we got emails for an exploit site, using Valves mail server, 24 hours ago now, and not ONE WORD from Valve about this at all.

Very sloppy...
 
Reply Quote Edit Delete Report
 
41. Re: Steam Forums Hacked? Nov 8, 2011, 00:03 Acleacius
 
It's getting worst, the main webpage for the store has been down now for at least 2 hours.

Edit: Back up.
 
The people can always be brought to the bidding of the leaders.That is easy.All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger.It works the same way in any country.
Reply Quote Edit Delete Report
 
40. Re: Steam Forums Hacked? Nov 7, 2011, 22:16 Dev
 
Mashiki Amiketo wrote on Nov 7, 2011, 21:40:
Dev wrote on Nov 7, 2011, 21:32:
. Email addys getting stolen is hardly something that everyone should be happy about.
Well the real question is how much got stolen. As it is, I haven't gotten spammed on my gmail account that I use for the steam forums, which is different from my steam account login. But I think a FOB would be nice at this point too.
Its also possible nothing got stolen. If the emails so far are indeed from the valve servers (the pasted headers in this thread make it seem possible), then its possible the hack just got into the mass email part of the forums, and mass emailed something with valve forum email servers, but didn't have access to the actual addresses themselves.
 
Reply Quote Edit Delete Report
 
39. Re: Steam Forums Hacked? Nov 7, 2011, 21:40 Mashiki Amiketo
 
Dev wrote on Nov 7, 2011, 21:32:
. Email addys getting stolen is hardly something that everyone should be happy about.
Well the real question is how much got stolen. As it is, I haven't gotten spammed on my gmail account that I use for the steam forums, which is different from my steam account login. But I think a FOB would be nice at this point too.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
38. Re: Steam Forums Hacked? Nov 7, 2011, 21:32 Dev
 
Icewind wrote on Nov 7, 2011, 21:13:
If you have Steamguard on, you can stop whining and worrying.

Several people (including me) already pointed out how that will help protect your steam account. But that does nothing to stop someone stealing emails or passwords from forums for instance. And this news blurb is about the FORUMS, not the steam account. Email addys getting stolen is hardly something that everyone should be happy about.
 
Reply Quote Edit Delete Report
 
37. Re: Steam Forums Hacked? Nov 7, 2011, 21:23 Sepharo
 
Community pages just came back for me.  
Avatar 17249
 
Reply Quote Edit Delete Report
 
36. Re: Steam Forums Hacked? Nov 7, 2011, 21:20 Total-Khaos
 
MxxCon wrote on Nov 7, 2011, 17:26:
Yes, there are a lot of hacks for vB, but that doesn't mean they are unpatched. If you are running the latest version of vB, you are as secure, if not more, than running your own custom software. Plus if anything, I'd expect Valve to be competent about running their service, and this hack wasn't just a simple 'exec()?' exploit.

Why are there more hacks, exploits, and viruses for a Windows-based operating system than there are for a Unix-based operating system? Because a lot more people use a Windows-based operating system. The same principle applies here. Using one of the most popular third-party bulletin board systems essentially paints a big target on your back I'm afraid. At least if you wrote your own forum software, you can write it with security in mind -- ensuring SQL injection isn't going to be possible for example. Granted, someone could have stumbled upon admin credentials here for all we know.

President Skroob: Did it work? Where's the king?

Dark Helmet: It worked, sir. We have the combination.

President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?

Colonel Sandurz: 1-2-3-4-5

President Skroob: 1-2-3-4-5?

Colonel Sandurz: Yes!

President Skroob: That's amazing. I've got the same combination on my luggage.

Dark Helmet, Colonel Sandurz: [looks at each other]
 
Reply Quote Edit Delete Report
 
35. Re: Steam Forums Hacked? Nov 7, 2011, 21:13 Icewind
 
If you have Steamguard on, you can stop whining and worrying.

 
Reply Quote Edit Delete Report
 
34. Re: Steam Forums Hacked? Nov 7, 2011, 19:43 Ventura
 
Just changed my Steam password too. Don't much care for the forums, but as others have said, the value of my Steam account grows all the time, and more security would be welcome.

Not that I wasn't happy it emailed me a confirmation code when putting in a change password request which I had to enter, but one of them key generator thingies would just top it.
 
Reply Quote Edit Delete Report
 
33. Re: Steam Forums Hacked? Nov 7, 2011, 19:15 jimnms
 
Satoru wrote on Nov 7, 2011, 15:36:
You will note that I can send you an email that appears to be from anyone on the planet from any domain name without hacking the Steam forums at all.

In this case the email didn't just appear to come from steam servers, it DID come from steam servers. They used the forums to send mail that actually did come from valve/steam servers.
 
Avatar 17277
 
Steam Profile
Reply Quote Edit Delete Report
 
32. Re: Steam Forums Hacked? Nov 7, 2011, 19:07 Dev
 
Creston wrote on Nov 7, 2011, 18:23:
nin wrote on Nov 7, 2011, 18:15:

Have no idea what my steam forum password is, but I changed my account password anyway, just to be safe.

And yeah, another vote for a key fob like I have for WOW.

Yeah, seeing how I've got like 5 grand worth of games on Steam, I'd like to get a fob too.

Creston
Same. Paypal fob would be easiest, you use that for ebay, paypal, and it only costs $5 from paypal since they subsidize most of it. Its actually the one from verisign, normally costs like $30. Its a credit card shaped fob, so its easy to keep handy in your wallet. The code changes like every 15 seconds, so even if someone gets a keylogger into your system, its still nearly impossible for someone to get into your paypal account. Versign already has all the systems in place, does the fobs, has the GUI to interface with it and authenticate, so its reasonably easy for a company to just use that setup and not develop a whole expensive fob system from scratch.
I wish google would do a fob for gmail too.

I don't know how much money I have in my steam account, but its like 600 games. And valve has NO NO NO EXCUSE for any security lapses, they have tons of money and can hire plenty of security specialists, have tons of confidential user info like address/credit card, and account stuff, and they had the big hl2 source code leak which should have knocked some sense into them.

On a side note, even if someone does get your steam login, with steam steam guard enabled, unless they can also login to your email it won't do them any good. Steam guard also has a feature to deauthorize all other computers except the one in which you activate that option. So if you are concerned, and don't mind re-authorizing laptops and stuff, hit that. Gmail has a similar feature to see all IPs logged into your account and kill all other logins if you want to.

Nightmare scenario would be if someone got your login, and did a charge which ended in a chargeback on a fraud credit card, valve bans your entire account, and I hear they aren't very willing to unlock any accounts.

This comment was edited on Nov 7, 2011, 21:32.
 
Reply Quote Edit Delete Report
 
31. Re: Steam Forums Hacked? Nov 7, 2011, 18:42 Spaced
 
Creston wrote on Nov 7, 2011, 18:23:
Yeah, seeing how I've got like 5 grand worth of games on Steam, I'd like to get a fob too.

You have 5K worth of games bound to Steam? Wow, you better hope that this 'test the waters' hack is where it stops because with Steam being the biggest DRM system target on the planet, odds are this kind of thing is just going to get worse and build, getting bigger and bolder with more effective probes and attacks. It's just a matter of time before Steam itself has to be 'shut down for maintenance' when a breech occurs and there's no telling how long you will be denied access to the games you paid for and/or the extent of your personal payment information getting scalped.

This is exactly why I don't want some global net nanny to be the gatekeeper for PC gaming. PC developers should start unbinding their games from forced dependency on Steam now (making it just an option) so their customers can still enjoy the games they pay for regardless of whether Steam works or doesn't. Or at least make their games Steam independent from here on out.

The length of downtime their forums have been offline is not an encouraging sign for their ability to implement protections against such hacks and protect their systems.
 
Reply Quote Edit Delete Report
 
30. Re: Steam Forums Hacked? Nov 7, 2011, 18:40 Dev
 
Satoru wrote on Nov 7, 2011, 15:36:
You will note that I can send you an email that appears to be from anyone on the planet from any domain name without hacking the Steam forums at all.
Only if you know my email addy, which is the point. I care more about my email leaking and having to redo that crap, than anything else. I'm not about to fall for phishing, and I have unique passwords too (separate emails and passwords for steam forums and steam login). Fortunately I use unique email forwarding for everything, so if my valve email leaked, I can change it and have it back again.

This comment was edited on Nov 7, 2011, 19:07.
 
Reply Quote Edit Delete Report
 
29. Re: Steam Forums Hacked? Nov 7, 2011, 18:23 Creston
 
nin wrote on Nov 7, 2011, 18:15:

Have no idea what my steam forum password is, but I changed my account password anyway, just to be safe.

And yeah, another vote for a key fob like I have for WOW.

Yeah, seeing how I've got like 5 grand worth of games on Steam, I'd like to get a fob too.

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
28. Re: Steam Forums Hacked? Nov 7, 2011, 18:15 nin
 


Have no idea what my steam forum password is, but I changed my account password anyway, just to be safe.

And yeah, another vote for a key fob like I have for WOW.
 
http://www.nin.com/pub/tension/
Reply Quote Edit Delete Report
 
47 Replies. 3 pages. Viewing page 1.
< Newer [ 1 2 3 ] Older >


footer

Blue's News logo