Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Steam Forum Downtime Follow-up; Steam Also Breached

Valve confirms indications from earlier this week that the downtime on the Steam Users' Forums was the result of a break-in, revealing that the Steam service itself also suffered an intrusion. Here is a message from Valve's Gabe Newell explaining the situation:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

View
76 Replies. 4 pages. Viewing page 1.
< Newer [ 1 2 3 4 ] Older >

76. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 12, 2011, 20:24 nin
 

It's already gone down many times over the years, removing your access to the games you paid for.

I've never lost access to my games. It's called offline mode.

 
http://www.nin.com/pub/tension/
Reply Quote Edit Delete Report
 
75. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 12, 2011, 20:18 Spaced
 
I doubt it's going to happen...

It's already gone down many times over the years, removing your access to the games you paid for. It'll happen again, we're just talking about when and for how long. While a month or more of downtime may be unlikely, the same was said about PSN and Steam getting hacked at all.
 
Reply Quote Edit Delete Report
 
74. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 12, 2011, 16:40 nin
 
Well, that could happen with Steam also.

The earth could explode in 5 minutes too, but I doubt it's going to happen...


 
http://www.nin.com/pub/tension/
Reply Quote Edit Delete Report
 
73. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 12, 2011, 15:27 Spaced
 
saluk wrote on Nov 11, 2011, 16:22:
The problem with the sony hack was people were locked out for months with no functionality, on top of all the privacy/identity issues.

Well, that could happen with Steam also. It's why I don't want any game I buy to be dependent on Steam. Optionally, Steam is fine, but it should never be required for any game. A game should be able to function entirely independently of Steam and only use Steam features optionally.
 
Reply Quote Edit Delete Report
 
72. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 12, 2011, 14:52 ^Drag0n^
 
Hoping that the rumored AES256 is true. If so, you really can't ask them to do much more, aside from encryping all of your PM that way (which may not be a bad idea).

I wish they would come out and say it, though, but I understand the libel reasons for them not doing so. Even my friends as Valve won't comment on it, so you know they are taking it seriously.

^D^
 
Avatar 55075
 
"Never start a fight, but always finish it."
Reply Quote Edit Delete Report
 
71. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 11, 2011, 16:22 saluk
 
I think the response and the protections valve employed (password hashes, encryption, steamguard) are about the best we can hope for in a hack like this. I really hope they get to the bottom of this soon. The problem with the sony hack was people were locked out for months with no functionality, on top of all the privacy/identity issues.  
Reply Quote Edit Delete Report
 
70. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 11, 2011, 12:29 elefunk
 
http://www.lo-ping.org/wp-content/uploads/2011/11/1320994934073.png

Looks like Valve wins again. AES256 encryption on credit card info means no one will ever be getting that info, or else the entire world is fucked over.


Any company is vulnerable to hacks - saying they have "shitty security" or are "ignorant" doesn't help, and doesn't say anything. No one can protect against everything.

However, Valve did *EVERYTHING* right when it comes to actually securing that information in the case that it was unfortunately stolen.
 
Reply Quote Edit Delete Report
 
69. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 11, 2011, 08:12 Omni
 
Again a big company with shitty security and then getting away with no repercussions.  
Reply Quote Edit Delete Report
 
68. Re: Waiting to warn is irresponsible. Nov 11, 2011, 06:30 Prez
 
CJ, I believe he meant the Steam client has been just fine for a while now, NOT since the beginning. Just about everyone knows the great big STEAMing pile of shit Steam was at launch; but those problems have been long gone.  
Avatar 17185
 
“The greatness of a nation and its moral progress can be judged by the way its animals are treated.”
- Mahatma Gandhi
Reply Quote Edit Delete Report
 
67. removed Nov 11, 2011, 05:36 CJ_Parker
 
* REMOVED *
This comment was deleted on Nov 13, 2011, 12:04.
 
Reply Quote Edit Delete Report
 
66. Re: Waiting to warn is irresponsible. Nov 11, 2011, 05:08 Fibrocyte
 
CJ_Parker wrote on Nov 10, 2011, 21:40:
Say what? Granted... things have improved a lot and Steam has come a long way but let's not forget the very past you mentioned. And in that regard what do you mean with "respect"? You mean "respect" as in forcing a sluggish, buggy, unstable, unresponsive, plain fucking annoying, intrusive piece of shit client down our collective throats? Yeah. That's some really great 'spect they showed us right there. I'm still in awe. No, really. I am .

Say what? The steam client is and has been just fine. It brings a lot more convenience to the table then it does inconvenience.

If it is sluggish for you, perhaps it is time to upgrade your Mendocino processor to something more modern.

Or maybe you just belong on a console instead.
 
Reply Quote Edit Delete Report
 
65. Re: Gabe's ass is well covered by your head. Nov 11, 2011, 02:04 Krovven
 
RollinThundr wrote on Nov 10, 2011, 23:01:
Regardless is he that wrong? People bitched up a storm about Sony,

Actually yes he is that wrong. Not only was his list of problems with Steam completely and utterly false and 5 years old, Valve has got several systems in place to help provide protection to the end users. The most notable being SteamGuard, another being that Steam, Steam Forums and Steam Support are all separate accounts. As others have already pointed out, the data was well secured.

Furthermore yes, for them or any company to rush to make a statement without any investigation is amateurish. And yes rushing and making incorrect statements can be more damaging, particularly if you understate the problem only for it to turn out to be far worse. The same applied to Sony. However in both of these cases, we did know about the breaches within 48 hours, the companies just did not issue immediate statements.

And I've said it before and I'll say it again. No system is 100% secure. Nothing is secure, not your home, not your car, not your workplace, not the internet, not your banks, nothing. The sooner everyone figures that out, the sooner they will stop making ridiculously stupid comments like some of the ones made here and during the Sony incident.

The primary difference here is as already mentioned, Valve has several public security measures in place (ie: SteamGuard), while most
companies do not even provide that.

This comment was edited on Nov 11, 2011, 02:12.
 
Reply Quote Edit Delete Report
 
64. Re: Gabe's ass is well covered by your head. Nov 11, 2011, 01:35 RollinThundr
 
Dades wrote on Nov 10, 2011, 23:44:
RollinThundr wrote on Nov 10, 2011, 23:01:
Regardless is he that wrong? People bitched up a storm about Sony, yet when it's valve its another case of Oh it's valve, they can do no wrong. The hypocrisy involving certain dev/publishers around here is just comical.

Valve didn't take weeks to disclose it and plenty of people here are not happy with them about this. What more do you want, a Gabe crucifix?

Sony bungled their mishap from start to finish and it's no surprise they were lambasted by both the press and customers.

No a crucifix isn't needed, it wouldn't support his weight anyway. I kid I kid!

Really It's annoying that it happened as I actually use steam, I just tend to notice a trend that certain devs/publishers, though mostly devs tend to get defended quite a bit while others due to past reputation or whatever get shit on for the smallest things.

I'm not the biggest Valve fan but I'm don't have the obsessive hate Riley does either to be honest.
 
Reply Quote Edit Delete Report
 
63. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 11, 2011, 01:08 KilrathiAce
 
Dades you may want to check back on what happened with sony as some of the data stolen wasnt even encrypted or secured. This is big difference with Valve.... heh maybe you need to realize this.  
Avatar 7413
 
"On 2646.215 I myself attacked & destroyed TCS Tiger's Claw in my Jalthi heavy fighter"
Bakhtosh Redclaw Nar Kiranka
Reply Quote Edit Delete Report
 
62. Re: Gabe's ass is well covered by your head. Nov 10, 2011, 23:55 elefunk
 
There is no hypocrisy. Sony took forever to respond, then took their servers offline for months, and had to rebuild their entire infrastructure.

Sony was fucking incompetent as hell throughout the whole thing.

No one is invulnerable to hacks. The important thing is how well-secured the data that was stolen is, and how they respond to it. Sony had jack shit security on the stored data - they didn't even fucking salt the passwords, one of the most elementary lessons in security.

Valve, on the other hand secured everything properly. Hashed and salted passwords, encrypted credit card data.

For fuck's sake, when Sony was originally hacked, they didn't even know what kind of security they had!
 
Reply Quote Edit Delete Report
 
61. Re: Gabe's ass is well covered by your head. Nov 10, 2011, 23:44 Dades
 
RollinThundr wrote on Nov 10, 2011, 23:01:
Regardless is he that wrong? People bitched up a storm about Sony, yet when it's valve its another case of Oh it's valve, they can do no wrong. The hypocrisy involving certain dev/publishers around here is just comical.

Valve didn't take weeks to disclose it and plenty of people here are not happy with them about this. What more do you want, a Gabe crucifix?

Sony bungled their mishap from start to finish and it's no surprise they were lambasted by both the press and customers.
 
Avatar 54452
 
Reply Quote Edit Delete Report
 
60. Re: Gabe's ass is well covered by your head. Nov 10, 2011, 23:16 Prez
 
Regardless is he that wrong? People bitched up a storm about Sony, yet when it's valve its another case of Oh it's valve, they can do no wrong. The hypocrisy involving certain dev/publishers around here is just comical.

Just like in politics, it's not so much what someone says as why he or she is saying it.

Riley, no matter what name he chooses, has a clear obsessive agenda to verbally lambast Steam and Valve at every possible opportunity. He is an obsessive hate-spindoctor who believes Valve can do nothing right. Riley lacks the ability to objectively view any case concerning Valve or Steam, blinded by his hateful obsession as he is. So any point he makes, regardless of the apparent wisdom behind his words, needs to be viewed through that prism. 'nin' seems pretty sure his anti-Valve crusade has to do with his employment by a rival studio, and I am inclined to agree.

Personally, while disappointed (and truth be told, a tad worried) by thie news of the hack, I'm not all that bent out of shape about it, nor was I with Sony's, because shit happens, and it's impossible to prepare for every contingency. Nothing is asshole-proof because they are always building better assholes.
 
Avatar 17185
 
“The greatness of a nation and its moral progress can be judged by the way its animals are treated.”
- Mahatma Gandhi
Reply Quote Edit Delete Report
 
59. Re: Gabe's ass is well covered by your head. Nov 10, 2011, 23:01 RollinThundr
 
nin wrote on Nov 10, 2011, 21:21:

Assley! I can't believe you took this long to show up! How's things at monolith?

Regardless is he that wrong? People bitched up a storm about Sony, yet when it's valve its another case of Oh it's valve, they can do no wrong. The hypocrisy involving certain dev/publishers around here is just comical.
 
Reply Quote Edit Delete Report
 
58. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 22:07 nin
 
Prez wrote on Nov 10, 2011, 21:52:
EDIT: Oh, and welcome back to the Bluesnews resident Steam hater, Riley Pitz, who keeps changing his identity but not his ways.


Assley Putz!
Assley Putz!
Assley Putz!


 
http://www.nin.com/pub/tension/
Reply Quote Edit Delete Report
 
57. Re: Waiting to warn is irresponsible. Nov 10, 2011, 21:56 I've Got The News Blues
 
Mordecai Walfish wrote on Nov 10, 2011, 21:29:
Alerting and sending into a fervor millions of customers *IMMEDIATELY* is a short-sighted and amateur response.
hahahaha! So it's better to send them into an even bigger fervor days later after the customers find out that the crooks have had their personal and payment data for days without warning?! You Valve apologists are unbelievable.

If a security breach were ever so severe to warrant this it would entail the developer having a great deal of certainty that crucial personal data is at risk of potentially being decrypted and manipulated.
First, having payment details stolen in a breach is severe especially when it involves tens of millions of customers as it does here. Second, expecting the victim company of the breach to be certain about anything regarding security after a breach has recently occured is laughable. If these hackers had not disfaced the forum website, Valve probably would not have even known about this breach. So, using the victim company's judgment on the severity of breach and the full ramifications of it on customers is simply foolhardy.

Please don't expect such poppycock from Valve. They have shown enough respect for the gamer community in the past
This incident proves that Valve doesn't respect its customers enough to spend sufficient resources to properly protect customers' information or to notify them promptly if their information has been stolen.

This comment was edited on Nov 10, 2011, 22:09.
 
Reply Quote Edit Delete Report
 
76 Replies. 4 pages. Viewing page 1.
< Newer [ 1 2 3 4 ] Older >


footer

Blue's News logo