A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were compromised in a defacement attack on the Steam forums this Sunday.
A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were compromised in a defacement attack on the Steam forums this Sunday.
Ruen
Friday, November 11, 2011 at 9:50 AMwell. . . Shit
Vron
Friday, November 11, 2011 at 12:34 PMWhat Forum… ? lol lucky me never tried it… :P
Stu
Friday, November 11, 2011 at 9:52 AMThis is not cool, not cool at all.
Nicholas Prior
Friday, November 11, 2011 at 9:54 AMGood thing I’ve changed my card since I’ve last used it.
Stu
Friday, November 11, 2011 at 9:58 AMI got lucky when PSN got hacked as my card had just expired. Not so lucky this time.
Pariah
Friday, November 11, 2011 at 10:15 AMDude just use Paypal. It’s much safer :\
Stu
Friday, November 11, 2011 at 11:09 AMI really should. I used to have one 5ish years ago for eBay, but when I stopped using eBay, I stopped using PayPal. I’ve moved a few times since then and changed my bank accounts. But if my PayPal account still exists then I suppose I can update all that.
Beavwa
Friday, November 11, 2011 at 9:54 AMForum accounts… Are those separate from the main steam accounts?
Aliasalpha
Friday, November 11, 2011 at 10:01 AMTechnically but a lot of people would use the same details for both
Whipp
Friday, November 11, 2011 at 10:42 AMVery thankful I didn’t use the same password now.
Also thankful that I use paypal.
Pioneer
Friday, November 11, 2011 at 12:19 PMOf course now they would need your email details as well to access your account from a new computer ID. If it’s been activated.
Pariah
Friday, November 11, 2011 at 9:57 AMMore proof that PC gamers are FAR more mature that die-hard console gamers.
Steam hacked; People worried, upset most certainly, but not venting their anger on how shit their fave service suddenly became.
360 hacked; MICROSOFT SUCKS I’M BUY1NGGGHHH A PS THWEEEEE
PS3 hacked; SONY SUCKS I’M BUYING AN EX BAWKSS.
A-Train
Friday, November 11, 2011 at 9:59 AMbecause using it to take a shot at other gamers is VERY mature…
Pariah
Friday, November 11, 2011 at 10:14 AMI’m taking a shot at nobody; look at the comments regarding console hacking incidents and tell me that I am wrong, a-train.
WiseHacker
Friday, November 11, 2011 at 10:29 AMYou are wrong – I see panic attacks on any service from consoles to PCs to whatever-service-one-is-able-to-enter-credit-card-info.
If you are going to be selective with your faces (or forum posts) keep your comments to yourself.
Pariah
Friday, November 11, 2011 at 10:37 AMOh, it’s bound to happen everywhere information is compromised. Panic attacks are understandable.
But whenever a console service is hacked they are so quick to renounce their love for the platform and suddenly hate everything about it. My entire point is that PC gamers are more mature about the problem than most console gamers.
When PS3 was hacked, the most common opinion I found was “SONY SUCK AND THEY DIDNT MAKE THERE PS3 SECURE ENUF”
When Xbox is hacked, users are “MICROSOFT SUC–unless they give me some compensation, I’M GOING TO SOMETHING ELSE”
Keep my comments to myself? WiseHacker, so long as there is a public comments section that encourages feedback and opinion, I will continue to provide mine.
WiseHacker
Friday, November 11, 2011 at 10:41 AM“My entire point is that PC gamers are more mature about the problem than most console gamers.”
Again you are wrong. PC gamers *are just as bad* as console gamers. Just because you game on a PC or use PC based services does not make you more mature.
In fact, given the excessive elitism that comes from PC gamers and their constant ranting and attempt to scape goat console as the reason games are deteriorating actually proves the opposite.
Finally, while it is true that this is a public forum, you are still excepted to show some common sense. What you are doing is borderline trolling – your comments are faceless and appear only serve to cause a reaction.
[Razor]
Friday, November 11, 2011 at 10:48 AM>Again you are wrong. PC gamers *are just as bad* as console gamers. Just because you game on a PC or use PC based services does not make you more mature.
What? That’s not what he said. He said PC gamers are more mature based on their reaction to SECURITY COMPROMISED, compared to the same scenario that happened to the console crowds.
He never mentioned PC based services or whatnot.
Pariah
Friday, November 11, 2011 at 10:55 AMThis. Thank you, [Razor]. This is exactly it; I was not referring to the actual gamers but their reaction to events such as this.
Pariah
Friday, November 11, 2011 at 10:53 AMJust as bad, huh? Okay, then show me all of the people raging and saying how bad Steam is, how insecure it is and how they’ll never use it again (only to go back once the situation is resolved)?
I fail to see many of those at all, much less the number of them in comparison to console gaming failures.
I’ll just preemptively say that I’m not a PC elitist; I game on several platforms and I couldn’t be bothered regarding any hacking incident. I either use Paypal or I use prepaid cards :\ If my account is taken on anything I can just get it back, problem solved.
“and their constant ranting and attempt to scape goat console as the reason games are deteriorating actually proves the opposite.”
Far fewer of these than console kiddies that always change their mind on their fave device and service.
I have a lot of common sense, actually, and I’m merely showing a lot of people’s opinions on the matter in that, if you went and actually looked on most sites with a public forum and dug up articles on, for instance, the Xbox Live breach re FIFA and then both PS3 hacking incidents they will only prove my claims.
WiseHacker
Friday, November 11, 2011 at 11:08 AMYou still claim that reactions from PC gamers are more mature. Sorry but I have seen it equal from all sides. XBox 360 users will whine. PSN users will cry foal. And PC gamers will also vent their outrage. There is no difference in maturity – there are always going to be cry babies not matter what the service is.
To say that PC gamers react in a more mature manner than console gamers is in fact taking a cheap shot with a baseless fact. Your mentioning of the PSN incident in April does not prove your claim. People were outraged at the fact that Sony took so long to admit they had been compromised and had not been using proper data security measures. The outrage is justified as Sony were arrogant enough to think elaborate firewalls were a good substitute for strong encryption measures.
Pariah
Friday, November 11, 2011 at 11:40 AMNot at all. Look at the comments here, for instance. I don’t see any person all-caps-raging about how they’ll never touch Steam gaming again for the rest of their lives. THAT kind of reaction is all-too-common on console platforms.
Xbox 360 users ALWAYS whine. They’re not the smartest bunch to begin with anyway (that was directed at die-hard fanboys moreso than anyone that uses them).
> The outrage is justified as Sony were arrogant enough to think elaborate firewalls were a good substitute for strong encryption measures.
Sony weren’t arrogant; their strategy actually Worked for five years, which is a Very impressive duration of nigh-flawless security, especially given that the Xbox 360 didn’t even get five months of user account security, but let’s go back on topic.
This isn’t about how companies handle security, it’s about how people Reacted to the incidents. You still have not managed to disprove my claim that console gamers reacted like little children while PC gamers, while surprised and somewhat troubled, are mostly calm and collected about all of this. You claim I’m using baseless facts where I have already stated that should you do some research and read people’s reactions to the incidents, while PC gamers would be outraged they HAVE, in fact, handled this in a more mature manner than Xbox and PS3 gamers. I did not say they wouldn’t be upset about it all, once again, I’ve said they’re handling this in a more mature manner than the others have. Since you cannot prove me wrong on my central point, I think you should just stop talking now; you’re looking pretty dumb.
lambomann007
Friday, November 11, 2011 at 11:49 AMReally, the vast majority of PS3, PC and Xbox gamers are all mature, it’s just that the consoles’ vocal, immature minority are larger (and somewhat more vocal) than the PC’s vocal, immature minority, which would be due to things like the entry barrier for console gaming being lower than PC gaming, meaning more people (both mature and immature) on those platforms, and more kids-teens too (they tend to be the most immature).
WiseHacker
Friday, November 11, 2011 at 11:50 AMSorry, Pariah, but I do not work when bated. Go ahead, say I look dumb as much as you like. I have been treated worse. It is not going to change the fact they there is no correctness to claims.
You made a cheap shot and that is where I am ending this. I have better things to do than listen to what is officially trolling.
Pariah
Friday, November 11, 2011 at 3:19 PMLol Wise, I’m really loving how this entire time you have either completely missed my point or stupidly ignored it.
Blood Apathy
Friday, November 11, 2011 at 11:51 AMHow about I settle this. Douche bags are Douche bags. All platforms have douche bags. Playing an elitist master race member of any kind regardless of your platform just makes you look like a tool.
WiseHacker
Friday, November 11, 2011 at 11:57 AM“How about I settle this. Douche bags are Douche bags. All platforms have douche bags. ”
Thankyou, Blood Apathy. That is exactly what I was getting at. They are everywhere and it is ridiculous to say Platform X has less than Platform Y.
Aaron
Friday, November 11, 2011 at 6:14 PMAlso, you’re avatar is badass, Blood Angels FTW!
Will
Saturday, November 12, 2011 at 2:47 AMim going to point out at this point that the most heated words typed in anger in this comment section is not directed at steam….but at each other about “baseless accusations”. now globally im not sure that i care to judge whether this group is representiive of a pc gaming whole as it were but given the current datapool ie. this comments section; i would say that pariah’s comments look justified.
having said that of corse as noone is willing to collect any data beond this forum or collate it one can safely say that your both idiots shut up and noone cares. at most if someone DID go to all the effort to prove pc gamer reactions as a whole were more mature the most reaction you would get out of 90% of us is “fair enough now if youll excuse me i need to go and play a game on any one of my many consoles and pcs.”
Aliasalpha
Friday, November 11, 2011 at 10:03 AMNah it proves that mature people are more mature than immature people though I suspect we already knew that.
Pariah
Friday, November 11, 2011 at 10:38 AMOf course; it’s common knowledge xD
UberRoxor
Friday, November 11, 2011 at 11:22 AMLet’s just remember that it was a PC user that did this…
Lanky Mikey
Friday, November 11, 2011 at 9:58 AMWell as the owner of a VISA Debit card I better start moving some money around.
GentlemanJ
Friday, November 11, 2011 at 10:01 AMThis is why I only use a debit card and only transfer the money I need into the account when it is used.
Aliasalpha
Friday, November 11, 2011 at 10:02 AMIts why I only use paypal
Pariah
Friday, November 11, 2011 at 10:14 AM+1 on the Paypal user count.
GentlemanJ
Friday, November 11, 2011 at 10:30 AMUsed to use it, just was alot easier to use the debit card and transfer amounts in and out of it as needed and seemed just as secure. Beside, although it is becoming more widely used, Paypal is not accepted everywhere.
WiseHacker
Friday, November 11, 2011 at 10:38 AMSadly, that is the case. But when it is there, I tend to use it for the buyer protection.
Pariah
Friday, November 11, 2011 at 10:43 AMI fail to see how transferring amounts is secure. Certainly, the account would be empty and you could just go the the trouble of waiting for all the details to be changed if anything does happen, but they gain the ability to potentially take cash if you left any in there at all.
With Paypal on a service that doesn’t happen. When the option is there you should consider using it. And as WiseHacker said, it’s a good idea to use it for buyer protection.
Cerzel
Friday, November 11, 2011 at 10:03 AM10 November 2011
Dear Steam Users and Steam Forum Users:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
tl;dr It was just the forums that got hacked, not Steam itself, and anything important was encrypted. Just make sure to change your Steam password if you used the same username and password between the two.
blaze0041
Friday, November 11, 2011 at 10:55 AMA bit silly that this article itself doesn’t have the actual letter itself.
DansDans
Friday, November 11, 2011 at 10:11 AMwait, did I miss something? it was only 8 months ago ppl were saying only consoles get hacked due to “bad” security.
dfgd
Friday, November 11, 2011 at 10:16 AMbut according to the email even if they got everything all the important stuff was encrypted and salted so even though im disappointed that they got hacked im glad that they encrypted everything so there is a chance that everything they got will be useless
Bird Evil
Friday, November 11, 2011 at 10:25 AMyeah atleast they didn’t have all their credit card info in a plain text file *cough*sony*cough*
DansDans
Friday, November 11, 2011 at 6:11 PMNeither did Sony *cough*troll*cough*
dfgd
Friday, November 11, 2011 at 10:12 AMok seriously. This is getting ridiculous.
Stevorooni
Friday, November 11, 2011 at 10:16 AMI don’t even have a Steam Forum account and I’ve only ever used paypal.
BearBlaster
Friday, November 11, 2011 at 10:47 AMMe too. We should be safe, Steve.
Ben
Friday, November 11, 2011 at 10:16 AMI still can’t say I’m too worried. Ever if someone had my steam account name and password, they’d still need my email address and it’s password, cause I’ve got steam guard on.
Plus I’m usually connected to steam anyway, so would notice if someone kicked me off.
Pariah
Friday, November 11, 2011 at 10:39 AMThis. Steam Guard + Paypal.
canttouchthis.gif
Meowgravy
Friday, November 11, 2011 at 10:20 AMAnd heres why gaming isnt going digital only in the future anytime soon.
Di11enger
Friday, November 11, 2011 at 10:25 AMwhat doucher attacks steam, i’m not saying that its ok to hack any gaming service or platform but really? the funny thing is the people doing all this hacking probably enjoy the same or similar services they try to deface/destroy.
Michael
Friday, November 11, 2011 at 10:30 AMWould you be safe if you didn’t save your details?
Whipp
Friday, November 11, 2011 at 10:44 AMWhat I don’t understand is why companies need to keep credit card details.
WiseHacker
Friday, November 11, 2011 at 10:59 AMThey have to by law – they need to keep proof of all transactions so they can prove they are not trying to evade playing taxes, etc.
How long they can keep the information for varies, come indefinitely, some only seven years. Depends on the law in the region and the business in question.
Chazz
Friday, November 11, 2011 at 10:46 AMThis is indeed worrisome for some. I’m glad I made my details for the forums completely different to my account details and I use steam guard.
MikeZdoesit
Friday, November 11, 2011 at 10:52 AMNot good and completely unacceptable steam. I cant purcahse online if i cant trust the system.
blaze0041
Friday, November 11, 2011 at 10:52 AMInformation and knowledge is power in this day and age.
For those of you using PayPal (and Google), it’s best to turn on the 2-factor authentication for increased security.
Akra
Friday, November 11, 2011 at 10:54 AMWhy hasn’t valve personally contacted customers about this?
Pariah
Friday, November 11, 2011 at 10:58 AMhttp://www.kotaku.com.au/2011/11/steam-hacked-valve-investigating-possible-credit-card-theft/#comment-435746
Akra
Friday, November 11, 2011 at 11:03 AMYes, I read that, but WHY hasn’t Valve contacted their customers directly, we have a right to know if our credit card details have been compromised; encryption or not.
I shouldn’t have to find out that information in a comment on a news forum, they should have emailed it directly to me.
WiseHacker
Friday, November 11, 2011 at 11:10 AMDon’t jinx it! Last we need is another PSN incident.
Pariah
Friday, November 11, 2011 at 11:41 AMAn incident on the scale of the PSN one will not likely occur on Steam.
WiseHacker
Friday, November 11, 2011 at 11:43 AMAll the same, let’s not jinx it! I swear the more we talk about it, the worse it may become.
RobbyM
Friday, November 11, 2011 at 10:57 AMto get the conspiracy nuts going – could EA be behind the hack?
dfgd
Friday, November 11, 2011 at 11:03 AM/puts conspiracy hat on
Hmm it all seems too convenient. It seems weird too that no one has mentioned aliens maybe EA are aliens.
/takes conspiracy hat off and gets back to work
Chazz
Friday, November 11, 2011 at 11:17 AMhttp://img443.imageshack.us/img443/191/steamhacked.jpg
bjg
Friday, November 11, 2011 at 11:07 AM*sniff* sniff* I smell class action suite.
WiseHacker
Friday, November 11, 2011 at 11:26 AMNope. That was my bacon and bean sandwich.
Ynefel
Friday, November 11, 2011 at 11:29 AMRemember all the backlash and rage directed at Sony when it happened to PSN? I guarantee you that won’t happen with Steam.
I distinctly remember in the wake of the PSN breach, all the Xbox and PC fanbois crowing that this would never ever happen to them, because PSN’s security sucks, and their respective service’s (XBL and Steam) security didn’t.
No system is unhackable, it just depends who’s doing it, and how talented and determined they are.
I hope this just makes people more security aware at the end of the day, if that’s the only good thing that can come from these hacking incidents – that’s something right?
WiseHacker
Friday, November 11, 2011 at 11:39 AMIt may still happen. If people can whine, they will whine.
The only difference I can see is that Steam made a serious effort to keep data secure.
PSN on the other hand was so lax it was impossible to believe when the word came out. Personally, I though I was herding a late and bad April Fools joke when I heard of the protection measures Sony (did not) have.
Ynefel
Friday, November 11, 2011 at 11:46 AMI guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance. (that old ‘if it’s happening to someone else it’s not happening to me’ thing) But instead should go be saying ‘Oh shit, that’s scary – I’m going to be extra careful from now on to ensure this doesn’t happen to me.’
I hope now that Steam’s been compromised it just makes people more aware that it can happen to anyone. Change your passwords regularly, use double security where possible, or indirect payment methods such as PayPal.
WiseHacker
Friday, November 11, 2011 at 11:53 AM“I guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance.”
Do not hold your breath. As long as their are fanboys and fangirls out there it is always gonna happen.
That is the nature of a fan person – they are everywhere.
Parker
Friday, November 11, 2011 at 11:29 AMWhy is there nothing on the Steam site about this?
Why did it take them FOUR DAYS to send out that letter, and who did they send it out to? This is the first I’ve heard of it and although I don’t use the forums my credit card info is stored in my account.
This seems like pretty poor form on Valve’s part.
Lawkeeee
Friday, November 11, 2011 at 11:39 AMTheir forums were defaced on the 6th, they investigated the source and saw that a lot more then the forums were hacked. Gabe came out and said ‘Hey we got hacked I’m sorry we’ll fix it’, I think thats pretty good service.
WiseHacker
Friday, November 11, 2011 at 11:41 AMCould be worse, they could have done a Sony: lock down the service without explanation and then admit the breach around a week or so later.
So four days while undesirable is still far better than a week. I personally prefer an immediate response, but that gives rise to false positives. If Compony X stated they had a breach and the next morning found it to be a false alarm, how do you think the public will react?
Parker
Friday, November 11, 2011 at 11:50 AMIt seems the message that Cerzel posted is just on the forum page. Seems like something should have been posted somewhere more prominant, for those of us who don’t frequent the forums.
Ynefel
Friday, November 11, 2011 at 11:49 AMInteresting fact for anyone who’s interested – I just changed my Steam password via the client, and also saw my credit card details were still saved. I logged out and logged back in with my new password, and went to remove my CC details, and it would appear they’re already removed. Has Steam removed them for me? If so, that’s a smart move on their part.
Can anyone else confirm?
Pioneer
Friday, November 11, 2011 at 12:22 PMAlas I stand to lose $98!