These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Security Breach at Steam

Barakkus
#1 - 2011-11-11 04:11:42 UTC
I got this after playing Homefront tonight:


"November 10th, 2011
Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe."

I would highly recommend changing your passwords and credit card information.

http://youtu.be/yytbDZrw1jc

The Archetect
Toxic Squadron
Northern Coalition.
#2 - 2011-11-11 04:35:26 UTC
Not cool bro...
Barakkus
#3 - 2011-11-11 05:37:08 UTC
Yup, not liking this, changed my password already, going to call the bank tomorrow.

It will be months before they start using credit card numbers, or sell them, so you have a little time, but it will be pretty bad I think since there are so many people that have bought stuff off Steam, CoD crowd and BF3 crowd in particular. Even if the stuff is encrypted, doesn't mean they can't crack it.

http://youtu.be/yytbDZrw1jc

Zions Child
Higashikata Industries
#4 - 2011-11-11 05:59:24 UTC
It would have been nice if they told us who may have been affected, although I have not yet gotten that e-mail.
Taedrin
Federal Navy Academy
Gallente Federation
#5 - 2011-11-11 06:36:51 UTC
Zions Child wrote:
It would have been nice if they told us who may have been affected, although I have not yet gotten that e-mail.


They likely do not know yet. At least, this is presuming that they are telling us as soon as they discovered the incident.
Lutz Major
Austriae Est Imperare Orbi Universo
#6 - 2011-11-11 07:26:45 UTC
Zions Child wrote:
It would have been nice if they told us who may have been affected, although I have not yet gotten that e-mail.

The message also appears when you want to access their forums.
Good thing that I always paid via PayPal :D :(
XIRUSPHERE
In Bacon We Trust
#7 - 2011-11-11 07:26:50 UTC
Just saw it, just changed my details. Honestly the straw that breaks the camel's back at this point, it was getting old dealing with having the client manifest itself as a resource hogging store front to even use the software you buy while they pocket huge dividends. Guess they didn't spend much of that on actually keeping stuff locked down just like Sony.

Going to avoid using Steam like the plague now.

The advantage of a bad memory is that one can enjoy the same good things for the first time several times.

One will rarely err if extreme actions be ascribed to vanity, ordinary actions to habit, and mean actions to fear.

Shivus Tao
Brutor Tribe
Minmatar Republic
#8 - 2011-11-11 07:45:13 UTC
XIRUSPHERE wrote:
Just saw it, just changed my details. Honestly the straw that breaks the camel's back at this point, it was getting old dealing with having the client manifest itself as a resource hogging store front to even use the software you buy while they pocket huge dividends. Guess they didn't spend much of that on actually keeping stuff locked down just like Sony.

Going to avoid using Steam like the plague now.


Except that they actually encrypted passwords, unlike Sony. This is to be expected with commerce rapidly expanding into cyberspace, and will become more commonplace in the coming years.

Enjoy not being able to play new games anymore since pretty much everything goes through Steam now.
Jenn Makanen
Doomheim
#9 - 2011-11-11 11:01:10 UTC
Shivus Tao wrote:
XIRUSPHERE wrote:
Just saw it, just changed my details. Honestly the straw that breaks the camel's back at this point, it was getting old dealing with having the client manifest itself as a resource hogging store front to even use the software you buy while they pocket huge dividends. Guess they didn't spend much of that on actually keeping stuff locked down just like Sony.

Going to avoid using Steam like the plague now.


Except that they actually encrypted passwords, unlike Sony. This is to be expected with commerce rapidly expanding into cyberspace, and will become more commonplace in the coming years.

Enjoy not being able to play new games anymore since pretty much everything goes through Steam now.


Encrypted and salted. Makes a world of difference adding a salt to it. Hopefully they used a two part salt, one purely in the applications, and one in the db, but even just a db based one helps. :)
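
The "two part salt" idea from the post above (a per-user salt stored in the db plus a secret held only by the application, usually called a pepper), sketched as an added example; it is not part of the thread and not Valve's code. PBKDF2, the iteration count, the pepper value and the sample password are assumptions chosen for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: the application-side secret ("pepper") lives in app config or a
# secret store, never in the database. This value is constructed for the demo.
APP_PEPPER = b"constructed-demo-pepper"
ITERATIONS = 100_000  # assumed work factor for the demo


def unsalted_hash(password: str) -> str:
    """Plain fast hash: identical passwords always give identical rows."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, pepper: bytes, salt: Optional[bytes] = None) -> dict:
    """Build the record that would be stored in the database."""
    # Per-user random salt, stored next to the hash in the db.
    salt = salt if salt is not None else secrets.token_bytes(16)
    # Mix in the application-side pepper with HMAC, then stretch with the salt.
    keyed = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hash_password(password, pepper, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate["hash"], record["hash"])


def demo() -> dict:
    # Two users who picked the same (constructed) password.
    alice = hash_password("hunter2", APP_PEPPER)
    bob = hash_password("hunter2", APP_PEPPER)
    return {
        "unsalted_rows_match": unsalted_hash("hunter2") == unsalted_hash("hunter2"),
        "salted_rows_match": alice["hash"] == bob["hash"],
        "login_ok": verify_password("hunter2", alice, APP_PEPPER),
        "wrong_password": verify_password("hunter3", alice, APP_PEPPER),
        # A copy of the db row alone lacks the pepper, so even the correct
        # password does not verify against it.
        "db_only_check": verify_password("hunter2", alice, b"not-the-pepper"),
    }


if __name__ == "__main__":
    print(demo())
```
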
Alain Kinsella
#10 - 2011-11-11 11:56:46 UTC
Thanks for the heads-up. I don't visit Steam as often as I used to, and don't even have it installed on the new HDD right now (out of laziness - and lack of time - not protest).

I need to have my cards converted to the new bank anyway, or switch to PayPal.

"The Meta Game does not stop at the game. Ever."

Currently Retired / Semi-Casual (pending changes to RL concerns).

luZk
Fivrelde Corp
#11 - 2011-11-11 12:12:21 UTC
Thanks for the heads up Barakkus.

This is why I never ever press the "save pw or credit card information" and use different pw's for everything.
Who would have known being paranoid finally paid off.

http://i.imgur.com/1dl4DM6.jpg

Barakkus
#12 - 2011-11-11 13:08:58 UTC
35 million subscribers I guess
http://www.databreaches.net/?p=21478

Who knows how many now that they are selling MW3 and BF3. I would venture a guess at half the EVE community if not more bought BF3.

http://youtu.be/yytbDZrw1jc

Abrazzar
Vardaugas Family
#13 - 2011-11-11 14:25:30 UTC
And this is why forcing people to use Steam is bad, Bethesda.
Kengutsi Akira
Doomheim
#14 - 2011-11-11 14:44:06 UTC  |  Edited by: Kengutsi Akira
Would be nice if Steam did like everyone else does when that happens and offers a couple months of free identity theft insurance protection cause they were liable for using ****** security

Abrazzar wrote:
And this is why forcing people to use Steam is bad, Bethesda.


and Paradox, and Kerberos and hundreds of others

"Is it fair that CCP can get away with..." :: checks ownership on the box ::

Yes

BrundleMeth
State War Academy
Caldari State
#15 - 2011-11-11 14:55:08 UTC
PayPal FTW.... Until they get hacked....
Barakkus
#16 - 2011-11-11 15:00:01 UTC
Abrazzar wrote:
And this is why forcing people to use Steam is bad, Bethesda.


Yeah, I don't really like having to use Steam, I don't like the fact that I have to have an internet connection to play games that don't require one for single player. I also don't like the idea if they ever go out of business, I will more than likely lose access to all the games I've purchased through them.

http://youtu.be/yytbDZrw1jc

Barakkus
#17 - 2011-11-11 15:03:27 UTC
I predict a number of account compromises for EVE since a number of people got EVE through Steam.

http://youtu.be/yytbDZrw1jc

stoicfaux
#18 - 2011-11-11 15:06:35 UTC
Guess it's time to start using one time credit card numbers for purchases.

Pon Farr Memorial: once every 7 years, all the carebears in high-sec must PvP or they will be temp-banned.

Barakkus
#19 - 2011-11-11 15:09:01 UTC
BrundleMeth wrote:
PayPal FTW.... Until they get hacked....


They have been hacked in the past.

http://youtu.be/yytbDZrw1jc

Enik3
Pyke Syndicate
Solyaris Chtonium
#20 - 2011-11-11 15:19:17 UTC  |  Edited by: Enik3
Gabe Newell has indicated that AES256 encryption was used on sensitive information, so there's very little to worry about if that's true.

I have far more faith in the security layers at a premier e-commerce company like Steam than I do in, say, ANY government agency. I'm pretty sure the average person's personal data is much more exposed in other places.