These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Out of Pod Experience

 
  • Topic is locked indefinitely.
 

Security Breach at Steam

Author
Barakkus
#21 - 2011-11-11 15:23:05 UTC
Enik3 wrote:
Gabe Newall has indicated that AES256 encryption was used on sensitive information, so there's very little to worry about if that's true.

I have far more faith in the security layers at a premier e-commerce company like Steam than I do in, say, ANY government agency. I'm pretty sure the average person's personal data is much more exposed in other places.


Yeah, but we saw how that worked out with Sony, who has a much larger customer base and much larger product base.

http://youtu.be/yytbDZrw1jc

Kengutsi Akira
Doomheim
#22 - 2011-11-11 16:34:25 UTC
"see why its bad to force steam on us,"

1C Company
2K Games
Activision
Akella
Atari
Bethesda
Big Fish Games
bitComposer
Bohemia Interactive
Capcom
City Interactive
Codemasters
Deep Silver
Electronic Arts
Epic Games
Focus
Her Interactive
id Software
Interplay
iWin
Kalypso
Konami
LucasArts
Majesco
Meridian4
MumboJumbo
Namco Networks America, Inc.
NCsoft
Nordic Games
NovaLogic
Paradox Interactive
PlayFirst
PopCap
Prima Games
RailSimulator.com
Rockstar Games
Sandlot Games
SEGA
Sony Online
SouthPeak Games
SQUARE ENIX, Eidos Interactive
Strategy First
Telltale Games
THQ
Tilted Mill
Topware
Ubisoft
Valve
Viva Media
Warner Bros.


lol though, I cant cancel my card, its a holiday. I cant change my password, I get "unable to process request try again later"

what did they do, hack it and **** their ability to process PW change requests?

"Is it fair that CCP can get away with..." :: checks ownership on the box ::

Yes

Barakkus
#23 - 2011-11-11 17:00:18 UTC  |  Edited by: Barakkus
Kengutsi Akira wrote:
lol though, I cant cancel my card, its a holiday. I cant change my password, I get "unable to process request try again later"

what did they do, hack it and **** their ability to process PW change requests?


I was able to change my passwords last night when I got the announcement. There may have been an influx of people doing it today that broke the system. I would try again a little later since a **** ton of people just woke up to the announcement today.

You can request a new card and still continue to use the old one until you want it deactivated.

http://youtu.be/yytbDZrw1jc

TC wabbajack
SnM pain distribution network
#24 - 2011-11-11 17:53:52 UTC
I blame the thievng scum hackers.




speaking as a PSN and steam user
Kengutsi Akira
Doomheim
#25 - 2011-11-11 18:50:10 UTC
is paypal safer?

"Is it fair that CCP can get away with..." :: checks ownership on the box ::

Yes

Barakkus
#26 - 2011-11-11 18:57:17 UTC
Nothing is safer other than getting temporary CC numbers, which I don't believe my bank offers at the moment.

Paypal has had their share of breaches before too.

http://youtu.be/yytbDZrw1jc

KaarBaak
Squirrel Team
#27 - 2011-11-11 19:30:12 UTC

Not requiring Steam to play a single-player game would be safer.

Dum Spiro Spero

Krotfric McEnchroe
The Scope
Gallente Federation
#28 - 2011-11-11 19:35:33 UTC
That sucks. Kinda glad I haven't bought any games on steam for a while, since any credit card details steam have are for an expired card heh
Barakkus
#29 - 2011-11-11 19:41:11 UTC
Krotfric McEnchroe wrote:
That sucks. Kinda glad I haven't bought any games on steam for a while, since any credit card details steam have are for an expired card heh


Even if the card you used was "expired" there's still a good chance the number is the same, as long as they put in an expiration date that is later than today, a lot of the time a transaction will go through. I've fumbled expiration dates a number of times and transactions still get processed. Only way to be sure is to get completely new numbers and make sure the old numbers are deactivated completely. My EVE sub on my alt got renewed even though the number on the card that was still on file was "deactivated" I got an email about an error processing the transaction, then logged into my bank account to check it and lo-and-behold, the bank approved the transaction anyways...even though the number was not supposed to work anymore...

http://youtu.be/yytbDZrw1jc

Krotfric McEnchroe
The Scope
Gallente Federation
#30 - 2011-11-11 20:04:47 UTC
Barakkus wrote:
Krotfric McEnchroe wrote:
That sucks. Kinda glad I haven't bought any games on steam for a while, since any credit card details steam have are for an expired card heh


Even if the card you used was "expired" there's still a good chance the number is the same, as long as they put in an expiration date that is later than today, a lot of the time a transaction will go through. I've fumbled expiration dates a number of times and transactions still get processed. Only way to be sure is to get completely new numbers and make sure the old numbers are deactivated completely. My EVE sub on my alt got renewed even though the number on the card that was still on file was "deactivated" I got an email about an error processing the transaction, then logged into my bank account to check it and lo-and-behold, the bank approved the transaction anyways...even though the number was not supposed to work anymore...


Yeah that's understandable, though in my case, my current card has a different number, so I don't think the old one would even work anymore. Though I may be wrong.
Schnoo
The Schnoo
#31 - 2011-11-11 20:05:42 UTC
Enik3 wrote:
Gabe Newall has indicated that AES256 encryption was used on sensitive information, so there's very little to worry about if that's true.

I have far more faith in the security layers at a premier e-commerce company like Steam than I do in, say, ANY government agency. I'm pretty sure the average person's personal data is much more exposed in other places.

Well that's awesome! And I'm sure the hackers are right away trying to crack the AES256 encryption, instead of, you know, just downloading the AES256 keys from the compromised machine.

Sarcasm aside, one has to wonder how and where were they keeping the keys.
Bienator II
madmen of the skies
#32 - 2011-11-11 20:39:44 UTC
Enik3 wrote:
Gabe Newall has indicated that AES256 encryption was used on sensitive information, so there's very little to worry about if that's true.

well. if you have a short pw your are screwed. doesn't matter what encryption they used. They can just brute force it. 6 char pwds get brute forced over night on the GPU if you have access to the encrypted string of the pw.

how to fix eve: 1) remove ECM 2) rename dampeners to ECM 3) add new anti-drone ewar for caldari 4) give offgrid boosters ongrid combat value

Barakkus
#33 - 2011-11-11 20:52:54 UTC
Schnoo wrote:
Enik3 wrote:
Gabe Newall has indicated that AES256 encryption was used on sensitive information, so there's very little to worry about if that's true.

I have far more faith in the security layers at a premier e-commerce company like Steam than I do in, say, ANY government agency. I'm pretty sure the average person's personal data is much more exposed in other places.

Well that's awesome! And I'm sure the hackers are right away trying to crack the AES256 encryption, instead of, you know, just downloading the AES256 keys from the compromised machine.

Sarcasm aside, one has to wonder how and where were they keeping the keys.



From what was said in the notice, probably somewhere else, but if they could get access to the subscriber database, it's not much of a stretch to figure their encryption methods were also compromised. I would also venture a guess the breach happened well before they noticed it, and once the intruders were finished, decided to "deface" their forums.

http://youtu.be/yytbDZrw1jc

Barakkus
#34 - 2011-11-11 20:58:49 UTC
Jita Alt666
#35 - 2011-11-11 21:10:00 UTC
The price of convenience in a global market can be high.
Barakkus
#36 - 2011-11-11 21:44:05 UTC  |  Edited by: Barakkus
Edit edit edit: (I guess this has happened before, below is reference to an older article)

Is this guy bluffing?

Quote:
Posting on the No-Steam forum, an individual calling himself MaddoxX has claimed credit for hacking into Steam, and has posted presumably-confidential material including financial information, customers' credit card information, and screenshots of internal Valve web pages.

The alleged hacker appears to be attempting some form of online extortion against Valve, posting the following to the forum: "If you want me to remove these files you can e-mail me at (address removed) and I prefer you come with something good unless you want me to expose ALL of the customers their information." The specifics of his demands remain unclear.

Steam, introduced in 2004 in conjunction with Valve's massive hit Half-Life 2, has grown into a massively popular and successful online distribution system on the internet. Along with Valve, Steam is now also used by companies such as Eidos, Akella, Activision and 2K Games. As well as new releases, Steam is also serving as a distribution method for older releases such as Thief: Deadly Shadows, Arx Fatalis, and Deus Ex: Invisible War, offering gamers a chance to play titles that are otherwise difficult to obtain.

If this claim of data theft is genuine, it could quickly become a public relations nightmare for Valve, which would be forced to reveal to credit card holders that its security has been breached. This would also be the second high-profile lapse in security involving Valve in recent years; in 2003, the Half-Life 2 source code was stolen by someone who managed to break into Valve's internal systems undetected.


http://www.escapistmagazine.com/news/view/70817-Steam-Faces-Possible-Security-Breach

http://youtu.be/yytbDZrw1jc

KaarBaak
Squirrel Team
#37 - 2011-11-11 21:47:18 UTC  |  Edited by: KaarBaak
If he's not bluffing, he's setting himself up for some serious criminal charges.

EDIT:
Quote:
To put it simply: he’s screwed.

Dum Spiro Spero

Barakkus
#38 - 2011-11-11 21:49:22 UTC
Nm, it's an old article...2008...

http://youtu.be/yytbDZrw1jc

Barakkus
#39 - 2011-11-11 23:03:10 UTC
We might get free copies of Portal 2 and DOTA 2 out of it though lol
http://www.thereticule.com/update-on-steam-security-breach/

http://youtu.be/yytbDZrw1jc

Grimpak
Aliastra
Gallente Federation
#40 - 2011-11-12 01:48:15 UTC
Barakkus wrote:
We might get free copies of Portal 2 and DOTA 2 out of it though lol
http://www.thereticule.com/update-on-steam-security-breach/



if we get free copies of portal 2 and DOTA 2 that would actually be awesomeLol

[img]http://eve-files.com/sig/grimpak[/img]

[quote]The more I know about humans, the more I love animals.[/quote] ain't that right