Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:
Greenbelt, MD 08/22

Regularly scheduled events

Steam Forum Downtime Follow-up; Steam Also Breached

Valve confirms indications from earlier this week that the downtime on the Steam Users' Forums was the result of a break-in, revealing that the Steam service itself also suffered an intrusion. Here is a message from Valve's Gabe Newell explaining the situation:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

View
76 Replies. 4 pages. Viewing page 4.
< Newer [ 1 2 3 4 ] Older >

16. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 18:26 Razumen
 
Well, Gabe, I'd love to change my password, but Steam won't let me do it while inside the app, and the option does not appear to be on your website either.  
Reply Quote Edit Delete Report
 
15. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 18:25 HorrorScope
 
In general: I still sit here and wonder exactly how many holes are actually in MS O/S's. To me is seems infinite. As Sony would say "How can this be?". How can top companies even afford to use MS products at all? Security and Safety first, lol. Hope and pray is more like it.  
Avatar 17232
 
Reply Quote Edit Delete Report
 
14. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 18:16 Overon
 
For the life of me, I don't understand why all companies don't encrypt their databases, all the information, not just certain parts of it like credit card information.  
Reply Quote Edit Delete Report
 
13. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 18:12 Techie714
 
Mashiki Amiketo wrote on Nov 10, 2011, 18:10:
Techie714 wrote on Nov 10, 2011, 18:05:
This is a pretty serious breach & I hope those passwords were encrypted well with good salting technology.
Salted-hash is usually pretty difficult to break, and I don't know of many success attempts against it, as long as you're not using archaic methods from the early 90's. I guess we'll find out in time. Though even if they manage to build themselves a cluster of GPU's for brute forcing it might take them 10 years to break it, as long as the salting was good.

Good post, Thanks!
 
Avatar 25373
 
Steam (ID)
http://steamcommunity.com/id/techie714/
DEAD SH0T
Keep your privacy!
http://prism-break.org/
Reply Quote Edit Delete Report
 
12. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 18:10 Mashiki Amiketo
 
Techie714 wrote on Nov 10, 2011, 18:05:
This is a pretty serious breach & I hope those passwords were encrypted well with good salting technology.
Salted-hash is usually pretty difficult to break, and I don't know of many success attempts against it, as long as you're not using archaic methods from the early 90's. I guess we'll find out in time. Though even if they manage to build themselves a cluster of GPU's for brute forcing it might take them 10 years to break it, as long as the salting was good.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
11. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 18:05 Techie714
 
My thoughts on this.

1. We the users of Steam should NOT give them a pass on this. ALL companies should be taking security seriously & to the highest level possible. Millions of folks love Steam & I'm one of them but right now I'm pretty PISSED that this has happened. I dont blame Steam however I do expect them to do everything possible to make sure all data is highly secure.

2. It would be a good idea for all steam users to take Gabes advice & change your password remember to always use numbers, letters & at least one SYMBOL.

3. "including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information." This is a pretty serious breach & I hope those passwords were encrypted well with good salting technology.
 
Avatar 25373
 
Steam (ID)
http://steamcommunity.com/id/techie714/
DEAD SH0T
Keep your privacy!
http://prism-break.org/
Reply Quote Edit Delete Report
 
10. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:59 Mashiki Amiketo
 
Overon wrote on Nov 10, 2011, 17:54:
I only have one question. How good was the encryption used for credit card information. Just because something is encrypted, does not mean it's encrypted well.
There was a story back a bit ago on /. about basic SSL/TLS being broken. So in reality, everything could be up in the air unless banks and financial institutions are moving past it.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
9. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:56 jacobvandy
 
It doesn't sound like a big deal from what he's saying (note that that's a lot different than the hysteria some sites are pushing), but even if there are any issues, I'm sure they'll sort them out and probably compensate those that are affected somehow.  
Reply Quote Edit Delete Report
 
8. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:54 Overon
 
I only have one question: How good was the encryption used for credit card information? Just because something is encrypted, does not mean it's encrypted well. I never elected to have them remember my credit card information so I hope those accounts don't have to worry about credit card information being compromised.

This comment was edited on Nov 10, 2011, 18:01.
 
Reply Quote Edit Delete Report
 
7. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:53 killer_roach
 
Good time for it to have happened - my debit card was in the process of being replaced due to suspicious activity already, so the number they possibly could've gotten is useless to them.  
Reply Quote Edit Delete Report
 
6. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:50 Aero
 
Let's hope they really honored the selection to not save credit card details when you purchase something (I'd really like it if that wasn't checked by default, all you have to do is forget it one time). Of course, that isn't to say the data isn't somewhere amongst their billing databases.

 
Reply Quote Edit Delete Report
 
5. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:48 Mashiki Amiketo
 
...

Yeah. I'll take the FOB now.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
4. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:46 PHJF
 
/sigh  
Avatar 17251
 
Steam + PSN: PHJF
Reply Quote Edit Delete Report
 
3. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:46 Rattlehead
 
*insert generic gabe ate the forums fat joke here*  
Avatar 55889
 
Reply Quote Edit Delete Report
 
2. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:45 dardin
 
Hopefully they find out who was behind this and they get arrested. I really dislike seeing something like this happen to a great company like Valve who has done so much for the gaming community.  
Reply Quote Edit Delete Report
 
1. Re: Steam Forum Downtime Follow-up; Steam Also Breached Nov 10, 2011, 17:44 StingingVelvet
 
My Steam account has a unique passoword and Steamguard active, so changing it would likely be overkill. Shame it took them 4 days to say anything though.  
Avatar 54622
 
Reply Quote Edit Delete Report
 
76 Replies. 4 pages. Viewing page 4.
< Newer [ 1 2 3 4 ] Older >


footer

Blue's News logo