These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Out of Pod Experience

 
  • Topic is locked indefinitely.
 

Security Breach at Steam

Author
Barakkus
#81 - 2011-11-14 12:48:44 UTC  |  Edited by: Barakkus
Endeavour Starfleet wrote:
Ya that statement Barakkus made has not been confirmed to be related to steam at all in my opinion. So I am very suspicious.

How are his friends affected yet the steam forums are not overflowing with reports of CC fraud?


Yeah one can hope that they didn't compromise the data, but it's just been a few days, more than likely people won't even see charges for a few months until those numbers have been disseminated. There are millions of CC numbers being bought and sold in IRC chatrooms 24/7, it could take months before anyone's information is out there and used.

http://youtu.be/yytbDZrw1jc

Endeavour Starfleet
#82 - 2011-11-14 12:54:09 UTC
It's just that people are already trying to blame other issues on the steam hack.

A guy on there said he has fraudulent charges to his paypal and demanded Steam compensate him when there is NO evidence that paypal security has been compromised.

Blaming valve for no reason isn't helping anybody.
Sidus Isaacs
Center for Advanced Studies
Gallente Federation
#83 - 2011-11-14 13:31:26 UTC  |  Edited by: Sidus Isaacs
Endeavour Starfleet wrote:
Ya that statement Barakkus made has not been confirmed to be related to steam at all in my opinion. So I am very suspicious.

How are his friends affected yet the steam forums are not overflowing with reports of CC fraud?



Perhaps they were really careless and spread personal information left and right on the web for all we know.

At least I use a method with my bank that would not let anyone really steal that much from me anyways (if be soem mirical tehy gain access to the encrypted files). At worst I loose a few dollars.
Luscius Uta
#84 - 2011-11-14 14:26:11 UTC
If CCP say they love Steam, then why are ISDs spamming the help channel with warnings that you shouldn't play EVE through Steam (I know I don't have to, but I don't see any disadvantages of using Steam to start EVE) everytime someone mentions Valve's service?

Workarounds are not bugfixes.

Barakkus
#85 - 2011-11-14 14:51:13 UTC
Luscius Uta wrote:
If CCP say they love Steam, then why are ISDs spamming the help channel with warnings that you shouldn't play EVE through Steam (I know I don't have to, but I don't see any disadvantages of using Steam to start EVE) everytime someone mentions Valve's service?



Yeah that's just ********. CCP should have a talk with the ISD about saying stupid **** like that.

http://youtu.be/yytbDZrw1jc

Grimpak
Manufactorum.
#86 - 2011-11-14 14:58:36 UTC
Luscius Uta wrote:
If CCP say they love Steam, then why are ISDs spamming the help channel with warnings that you shouldn't play EVE through Steam (I know I don't have to, but I don't see any disadvantages of using Steam to start EVE) everytime someone mentions Valve's service?



there are no advantages nor disadvantages by using Steam to start up EVE.


unless you count on the fluff like hours logged in counting.

[img]http://eve-files.com/sig/grimpak[/img]

[quote]The more I know about humans, the more I love animals.[/quote] ain't that right

Kengutsi Akira
Doomheim
#87 - 2011-11-14 18:39:49 UTC
Endeavour Starfleet wrote:
It's just that people are already trying to blame other issues on the steam hack.

A guy on there said he has fraudulent charges to his paypal and demanded Steam compensate him when there is NO evidence that paypal security has been compromised.

Blaming valve for no reason isn't helping anybody.


I wonder if theyre liable for damages given its their fault it happened for using (apparently) shoddy protection

"Is it fair that CCP can get away with..." :: checks ownership on the box ::

Yes

Sidus Isaacs
Center for Advanced Studies
Gallente Federation
#88 - 2011-11-14 23:08:42 UTC
Kengutsi Akira wrote:
Endeavour Starfleet wrote:
It's just that people are already trying to blame other issues on the steam hack.

A guy on there said he has fraudulent charges to his paypal and demanded Steam compensate him when there is NO evidence that paypal security has been compromised.

Blaming valve for no reason isn't helping anybody.


I wonder if theyre liable for damages given its their fault it happened for using (apparently) shoddy protection


That is a weak argument. Lets not blame the ones who did it, let blame the victims.
Zions Child
Deep Core Mining Inc.
Caldari State
#89 - 2011-11-15 00:10:49 UTC  |  Edited by: Zions Child
Hmm. If the group that hacked Steam releases millions of credit card numbers, I foresee horrible, horrible things happening to them. The anti-cyber crime units in the modern world have been pretty good at arresting hackers, especially hackers of this caliber and gall. If they released millions of credit card numbers, every single bank ever would basically go into overdrive mode, and probably find a way to get governments to find and arrest them in the shortest, most violent way possible.
Considering that the banking industry basically runs every western government, it wouldn't be very difficult either. It might be Steam who was breached, but fraudulent credit card activity costs the banks money, and when it comes to not ******* around, banks are pretty much king. At least, the major, ethically questionable banks don't **** around.


Oh, and Steam is not responsible for fraudulent charges, and will not be required to reimburse people at all. If you call your bank within a few days though, they WILL refuse to pay the vendors where fraudulent charges were made. Still, this costs the banks money, and they hate that with a passion.
Barakkus
#90 - 2011-11-15 00:16:06 UTC
Zions Child wrote:
Hmm. If the group that hacked Steam releases millions of credit card numbers, I foresee horrible, horrible things happening to them. The anti-cyber crime units in the modern world have been pretty good at arresting hackers, especially hackers of this caliber and gall. If they released millions of credit card numbers, every single bank ever would basically go into overdrive mode, and probably find a way to get governments to find and arrest them in the shortest, most violent way possible.
Considering that the banking industry basically runs every western government, it wouldn't be very difficult either. It might be Steam who was breached, but fraudulent credit card activity costs the banks money, and when it comes to not ******* around, banks are pretty much king. At least, the major, ethically questionable banks don't **** around.


Oh, and Steam is not responsible for fraudulent charges, and will not be required to reimburse people at all. If you call your bank within a few days though, they WILL refuse to pay the vendors where fraudulent charges were made. Still, this costs the banks money, and they hate that with a passion.


The number of CC numbers they could have stolen is like 1/10000th the number that are traded on the black market daily. 1 CC number goes for approximately $1 on the black market, millions of them are bought and sold every day. Sometimes they're good for a few hundred dollars in purchases, sometimes a few thousand, some are completely shut off before someone can make fraudulent charges on them. It's the cost of doing business in the internet world now a days. You'd be surprised at how much CC fraud and identity theft goes on every day.

http://youtu.be/yytbDZrw1jc

Zions Child
Deep Core Mining Inc.
Caldari State
#91 - 2011-11-15 03:33:19 UTC
Barakkus wrote:
Zions Child wrote:
Hmm. If the group that hacked Steam releases millions of credit card numbers, I foresee horrible, horrible things happening to them. The anti-cyber crime units in the modern world have been pretty good at arresting hackers, especially hackers of this caliber and gall. If they released millions of credit card numbers, every single bank ever would basically go into overdrive mode, and probably find a way to get governments to find and arrest them in the shortest, most violent way possible.
Considering that the banking industry basically runs every western government, it wouldn't be very difficult either. It might be Steam who was breached, but fraudulent credit card activity costs the banks money, and when it comes to not ******* around, banks are pretty much king. At least, the major, ethically questionable banks don't **** around.


Oh, and Steam is not responsible for fraudulent charges, and will not be required to reimburse people at all. If you call your bank within a few days though, they WILL refuse to pay the vendors where fraudulent charges were made. Still, this costs the banks money, and they hate that with a passion.


The number of CC numbers they could have stolen is like 1/10000th the number that are traded on the black market daily. 1 CC number goes for approximately $1 on the black market, millions of them are bought and sold every day. Sometimes they're good for a few hundred dollars in purchases, sometimes a few thousand, some are completely shut off before someone can make fraudulent charges on them. It's the cost of doing business in the internet world now a days. You'd be surprised at how much CC fraud and identity theft goes on every day.



Was it only a portion of Steam's credit card numbers that were stolen? Because I'm pretty sure Steam has millions of users, and if the encryption was broken on millions of credit card numbers simultaneously, then it would definitely not be 1/10000th the amount traded on the black market. 1/100th, maybe, but it would still be a huge influx of credit card numbers. Not to mention that these weren't stolen by taking advantage of concentrated stupid, these were stolen by hacking into a secure database.
Barakkus
#92 - 2011-11-15 03:53:19 UTC
Zions Child wrote:

Was it only a portion of Steam's credit card numbers that were stolen? Because I'm pretty sure Steam has millions of users, and if the encryption was broken on millions of credit card numbers simultaneously, then it would definitely not be 1/10000th the amount traded on the black market. 1/100th, maybe, but it would still be a huge influx of credit card numbers. Not to mention that these weren't stolen by taking advantage of concentrated stupid, these were stolen by hacking into a secure database.


The thing is, they may report 35 million subscribers, betting only half stored numbers and are semi-recent subscribers, and maybe a quarter of those stored are still valid. So you're looking at maybe 6 or 7 million credit card numbers that will enter the market and be usable. Who knows how many it actually was, if any of them actually were stolen.

It's not enough to make people go apeshit, but serious none the less. This probably won't be anywhere near the record numbers of cards stolen in the past. Something in the neighborhood of 40 or 50 million numbers at one time I think was the record. Some of the trading groups they bust are trading a couple million numbers at a time over the course of a year or two, and there's lots of those groups out there.

http://youtu.be/yytbDZrw1jc

venomkid
Almost Everything LLC
#93 - 2011-11-15 04:19:48 UTC
I'm not overly worried about it and i have over $1000 invested in my steam account. If it gets hacked it gets hacked. Nothing i can really do to prevent it. Change passwords and all should be fine. I'm sure it will blow over in due time. And also expect this to start becomming a common thing as EVERYONE phases out retails disk. Why spend money when you can copy and paste the data and get anopther $60. Waste of money to ship actual disks and cases.
Elyssa MacLeod
Doomheim
#94 - 2011-11-15 04:57:25 UTC  |  Edited by: Elyssa MacLeod
Sidus Isaacs wrote:
Kengutsi Akira wrote:
Endeavour Starfleet wrote:
It's just that people are already trying to blame other issues on the steam hack.

A guy on there said he has fraudulent charges to his paypal and demanded Steam compensate him when there is NO evidence that paypal security has been compromised.

Blaming valve for no reason isn't helping anybody.


I wonder if theyre liable for damages given its their fault it happened for using (apparently) shoddy protection


That is a weak argument. Lets not blame the ones who did it, let blame the victims.


that is a weak argument, its not the ones that did it that I can sue for the contents of what I used to have in my bank, but the people whose FAULT (through ****** security) my CC # was given to the "ones who did it"

as to the above post, wish I had a thousand $ I didnt care if it dissapeared... you could give some to me you know :D

GM Homonoia: Suicide ganks are a valid and viable tactic in EVE.

Where is your God now carebear?

Barakkus
#95 - 2011-11-15 14:52:49 UTC  |  Edited by: Barakkus
The best part of this whole thing is now Valve employees are trolling customers that have questions about the breach on their forums. Completely unacceptable and down right unprofessional.

The conversation is as follows:

Quote:
cl4ym4n
Care to actually confirm whether or not you've used AES256 to encrypt the cc data - or maybe release an actual official 'post-hack' statement to answer the things your customers are currently worried about?

From what I can see, all the talk about the actual encryption method in the gazillion threads regarding the hack is purely based on - what appears to be - a fake mail by Gabe.

If we are safe to rely on the encryption method mentioned in that (fake) mail, then where's my Dota 2 and Portal 2? :confused: I don't actually care that much about Dota and preordere Portal back then... what I'm trying to say is, that it would be illogical to assume that one part of the mail is true while the other part isn't.

I understand that you guys might be busy with investigation and stuff (still?) etc., but the lack of of Valve's presence in the forums after such an event is quite unsettling to me personally and makes me start thinking why exactly it is like that - especially compared to the Summer Sale for example, where, expressed with some exaggeration, nearly every thread had atleast one post of an employee. :|


http://forums.steampowered.com/forums/showpost.php?p=26381637&postcount=39

The employee in question posts some more garbage here and there,


Quote:
cl4ym4n
I'm not expecting Valve do post a statement like that, either. That's not the point here anyway.

What I'm asking for is a basic confirmation whether or not they actually used that encryption method - something like 'Yes, we used AES256 to encode the data' or 'No, we didn't use AES256 to encode the data'.

The last known status is that they're still investigating. No word about 'everything is back to normal' or 'we improved our security' or anything like that.

In the meantime, theories and assumptions get spread on the forums by various people to a point where more and more users actually start believing in them, simply because the stuff is posted everywhere...

To make things clear... I've never used a credit card with Steam, so I actually couldn't care less whether or not the data is encrypted. I'm not a Steam hater either, but come on.. am I really the only one who is concerned about the lack of further information and/or clarification in here?


http://forums.steampowered.com/forums/showpost.php?p=26383137&postcount=46

Follwed by some more garbage from employee not addressing the question, then this guy says:
Quote:
cl4ym4n
Well thanks, I guess that's a 'no' to my initial question.


So this Valve employee tells the guy:
Quote:
MikeBlaszczak
Stop trolling. Your initial question remains explicitly unanswered.




...seriously, I would expect some humility and maybe a straight forward response, even if it's "we can't discuss this at this time" which the employee didn't post until later in the thread...not even CCP would have treated that guy like that with their "sense of humor". I'm a bit pissed off that Valve employees are being so snarky in regards to their **** up honestly. I was pretty much like "well **** happens sometimes" about the whole thing, but that's just unacceptable.

http://youtu.be/yytbDZrw1jc

Zions Child
Deep Core Mining Inc.
Caldari State
#96 - 2011-11-15 16:46:16 UTC
Intriguing... I always saw Valve as being at least moderately professional. Kerberos Productions is a goddamn joke, their CEO is a ******* idiot who doesn't understand the concept of business professionalism, but Valve I expect more from. Someone ought to complain to the customer service department.
Iosue
Black Sky Hipsters
#97 - 2011-11-15 16:50:14 UTC
meh, still don't see any problem using my CC for these transactions. there's so much insured protection that i don't even break a sweat when i hear about this stuff. One call to my CC to contest these (or any false) charges and its a non-issue. Now if you use a debit card, that's a whole different story. And paypal doesn't make me feel any safer. Just wait till they hack paypal and get access to your bank routing and account number, that will be a big PITA to deal with.

TLDR; Credit Cards FTW!!
Barakkus
#98 - 2011-11-15 17:44:13 UTC
Their forums are taking a giant **** today lol.

I have a feeling their problems aren't over yet.

We'll see if I get banned for voicing my dissatisfaction with the handling of their customers. One of their peon moderators already started getting in my face for no good reason telling me to stop "accusing" people of ****. I'm usually pretty understanding about forum moderation and the like, but this little jerk is acting like that hall monitor kid everyone hated in school.

http://youtu.be/yytbDZrw1jc

MLG Morril
Fly By Night Brokerage
#99 - 2011-11-15 20:11:38 UTC
Barakkus wrote:
BrundleMeth wrote:
PayPal FTW.... Until they get hacked....


They have been hacked in the past.



Hopefully they learnt from their lesson.

Fly straight and never forget.

Nari Neya
Vhero' Multipurpose Corp
#100 - 2011-11-15 22:46:47 UTC
Quote:
Since many of you love Steam

Are you kidding? Who in their right mind would love this.... thing?