Steam Forum Downtime Follow-up; Steam Also Breached

Valve confirms indications from earlier this week that the downtime on the Steam Users' Forums was the result of a break-in, revealing that the Steam service itself also suffered an intrusion. Here is a message from Valve's Gabe Newell explaining the situation:
Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
View : : :
62.
 
Re: Gabe's ass is well covered by your head.
Nov 10, 2011, 23:55
62.
Re: Gabe's ass is well covered by your head. Nov 10, 2011, 23:55
Nov 10, 2011, 23:55
 
There is no hypocrisy. Sony took forever to respond, then took their servers offline for months, and had to rebuild their entire infrastructure.

Sony was fucking incompetent as hell throughout the whole thing.

No one is invulnerable to hacks. The important thing is how well-secured the data that was stolen is, and how they respond to it. Sony had jack shit security on the stored data - they didn't even fucking salt the passwords, one of the most elementary lessons in security.

Valve, on the other hand secured everything properly. Hashed and salted passwords, encrypted credit card data.

For fuck's sake, when Sony was originally hacked, they didn't even know what kind of security they had!
Date
Subject
Author
53.
Nov 10, 2011Nov 10 2011
54.
Nov 10, 2011Nov 10 2011
66.
Nov 11, 2011Nov 11 2011
67.
Nov 11, 2011Nov 11 2011
      removed
68.
Nov 11, 2011Nov 11 2011
27.
Nov 10, 2011Nov 10 2011
34.
Nov 10, 2011Nov 10 2011
40.
Nov 10, 2011Nov 10 2011
47.
Nov 10, 2011Nov 10 2011
41.
Nov 10, 2011Nov 10 2011
43.
Nov 10, 2011Nov 10 2011
58.
Nov 10, 2011Nov 10 2011
51.
Nov 10, 2011Nov 10 2011
59.
Nov 10, 2011Nov 10 2011
60.
Nov 10, 2011Nov 10 2011
61.
Nov 10, 2011Nov 10 2011
 62.
Nov 10, 2011Nov 10 2011
     Re: Gabe's ass is well covered by your head.
64.
Nov 11, 2011Nov 11 2011
65.
Nov 11, 2011Nov 11 2011
76.
Nov 12, 2011Nov 12 2011