A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were compromised in a defacement attack on the Steam forums this Sunday.
Now you can get the top stories from Kotaku delivered to your inbox. Enter your email below.
By subscribing you agree to our Terms of Use and Privacy Policy.
A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were compromised in a defacement attack on the Steam forums this Sunday.
The Cheapest NBN 1000 Plans
Looking to bump up your internet connection and save a few bucks? Here are the cheapest plans available.
I really should. I used to have one 5ish years ago for eBay, but when I stopped using eBay, I stopped using PayPal. I’ve moved a few times since then and changed my bank accounts. But if my PayPal account still exists then I suppose I can update all that.
Of course now they would need your email details as well to access your account from a new computer ID. If it’s been activated.
More proof that PC gamers are FAR more mature that die-hard console gamers.
Steam hacked; People worried, upset most certainly, but not venting their anger on how shit their fave service suddenly became.
360 hacked; MICROSOFT SUCKS I’M BUY1NGGGHHH A PS THWEEEEE
PS3 hacked; SONY SUCKS I’M BUYING AN EX BAWKSS.
I’m taking a shot at nobody; look at the comments regarding console hacking incidents and tell me that I am wrong, a-train.
You are wrong – I see panic attacks on any service from consoles to PCs to whatever-service-one-is-able-to-enter-credit-card-info.
If you are going to be selective with your faces (or forum posts) keep your comments to yourself.
Oh, it’s bound to happen everywhere information is compromised. Panic attacks are understandable.
But whenever a console service is hacked they are so quick to renounce their love for the platform and suddenly hate everything about it. My entire point is that PC gamers are more mature about the problem than most console gamers.
When PS3 was hacked, the most common opinion I found was “SONY SUCK AND THEY DIDNT MAKE THERE PS3 SECURE ENUF”
When Xbox is hacked, users are “MICROSOFT SUC–unless they give me some compensation, I’M GOING TO SOMETHING ELSE”
Keep my comments to myself? WiseHacker, so long as there is a public comments section that encourages feedback and opinion, I will continue to provide mine.
“My entire point is that PC gamers are more mature about the problem than most console gamers.”
Again you are wrong. PC gamers *are just as bad* as console gamers. Just because you game on a PC or use PC based services does not make you more mature.
In fact, given the excessive elitism that comes from PC gamers and their constant ranting and attempt to scape goat console as the reason games are deteriorating actually proves the opposite.
Finally, while it is true that this is a public forum, you are still excepted to show some common sense. What you are doing is borderline trolling – your comments are faceless and appear only serve to cause a reaction.
>Again you are wrong. PC gamers *are just as bad* as console gamers. Just because you game on a PC or use PC based services does not make you more mature.
What? That’s not what he said. He said PC gamers are more mature based on their reaction to SECURITY COMPROMISED, compared to the same scenario that happened to the console crowds.
He never mentioned PC based services or whatnot.
This. Thank you, [Razor]. This is exactly it; I was not referring to the actual gamers but their reaction to events such as this.
Just as bad, huh? Okay, then show me all of the people raging and saying how bad Steam is, how insecure it is and how they’ll never use it again (only to go back once the situation is resolved)?
I fail to see many of those at all, much less the number of them in comparison to console gaming failures.
I’ll just preemptively say that I’m not a PC elitist; I game on several platforms and I couldn’t be bothered regarding any hacking incident. I either use Paypal or I use prepaid cards :\ If my account is taken on anything I can just get it back, problem solved.
“and their constant ranting and attempt to scape goat console as the reason games are deteriorating actually proves the opposite.”
Far fewer of these than console kiddies that always change their mind on their fave device and service.
I have a lot of common sense, actually, and I’m merely showing a lot of people’s opinions on the matter in that, if you went and actually looked on most sites with a public forum and dug up articles on, for instance, the Xbox Live breach re FIFA and then both PS3 hacking incidents they will only prove my claims.
You still claim that reactions from PC gamers are more mature. Sorry but I have seen it equal from all sides. XBox 360 users will whine. PSN users will cry foal. And PC gamers will also vent their outrage. There is no difference in maturity – there are always going to be cry babies not matter what the service is.
To say that PC gamers react in a more mature manner than console gamers is in fact taking a cheap shot with a baseless fact. Your mentioning of the PSN incident in April does not prove your claim. People were outraged at the fact that Sony took so long to admit they had been compromised and had not been using proper data security measures. The outrage is justified as Sony were arrogant enough to think elaborate firewalls were a good substitute for strong encryption measures.
Not at all. Look at the comments here, for instance. I don’t see any person all-caps-raging about how they’ll never touch Steam gaming again for the rest of their lives. THAT kind of reaction is all-too-common on console platforms.
Xbox 360 users ALWAYS whine. They’re not the smartest bunch to begin with anyway (that was directed at die-hard fanboys moreso than anyone that uses them).
> The outrage is justified as Sony were arrogant enough to think elaborate firewalls were a good substitute for strong encryption measures.
Sony weren’t arrogant; their strategy actually Worked for five years, which is a Very impressive duration of nigh-flawless security, especially given that the Xbox 360 didn’t even get five months of user account security, but let’s go back on topic.
This isn’t about how companies handle security, it’s about how people Reacted to the incidents. You still have not managed to disprove my claim that console gamers reacted like little children while PC gamers, while surprised and somewhat troubled, are mostly calm and collected about all of this. You claim I’m using baseless facts where I have already stated that should you do some research and read people’s reactions to the incidents, while PC gamers would be outraged they HAVE, in fact, handled this in a more mature manner than Xbox and PS3 gamers. I did not say they wouldn’t be upset about it all, once again, I’ve said they’re handling this in a more mature manner than the others have. Since you cannot prove me wrong on my central point, I think you should just stop talking now; you’re looking pretty dumb.
Really, the vast majority of PS3, PC and Xbox gamers are all mature, it’s just that the consoles’ vocal, immature minority are larger (and somewhat more vocal) than the PC’s vocal, immature minority, which would be due to things like the entry barrier for console gaming being lower than PC gaming, meaning more people (both mature and immature) on those platforms, and more kids-teens too (they tend to be the most immature).
Sorry, Pariah, but I do not work when bated. Go ahead, say I look dumb as much as you like. I have been treated worse. It is not going to change the fact they there is no correctness to claims.
You made a cheap shot and that is where I am ending this. I have better things to do than listen to what is officially trolling.
Lol Wise, I’m really loving how this entire time you have either completely missed my point or stupidly ignored it.
How about I settle this. Douche bags are Douche bags. All platforms have douche bags. Playing an elitist master race member of any kind regardless of your platform just makes you look like a tool.
“How about I settle this. Douche bags are Douche bags. All platforms have douche bags. ”
Thankyou, Blood Apathy. That is exactly what I was getting at. They are everywhere and it is ridiculous to say Platform X has less than Platform Y.
Also, you’re avatar is badass, Blood Angels FTW!
im going to point out at this point that the most heated words typed in anger in this comment section is not directed at steam….but at each other about “baseless accusations”. now globally im not sure that i care to judge whether this group is representiive of a pc gaming whole as it were but given the current datapool ie. this comments section; i would say that pariah’s comments look justified.
having said that of corse as noone is willing to collect any data beond this forum or collate it one can safely say that your both idiots shut up and noone cares. at most if someone DID go to all the effort to prove pc gamer reactions as a whole were more mature the most reaction you would get out of 90% of us is “fair enough now if youll excuse me i need to go and play a game on any one of my many consoles and pcs.”
Nah it proves that mature people are more mature than immature people though I suspect we already knew that.
This is why I only use a debit card and only transfer the money I need into the account when it is used.
Used to use it, just was alot easier to use the debit card and transfer amounts in and out of it as needed and seemed just as secure. Beside, although it is becoming more widely used, Paypal is not accepted everywhere.
Sadly, that is the case. But when it is there, I tend to use it for the buyer protection.
I fail to see how transferring amounts is secure. Certainly, the account would be empty and you could just go the the trouble of waiting for all the details to be changed if anything does happen, but they gain the ability to potentially take cash if you left any in there at all.
With Paypal on a service that doesn’t happen. When the option is there you should consider using it. And as WiseHacker said, it’s a good idea to use it for buyer protection.
10 November 2011
Dear Steam Users and Steam Forum Users:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
tl;dr It was just the forums that got hacked, not Steam itself, and anything important was encrypted. Just make sure to change your Steam password if you used the same username and password between the two.
wait, did I miss something? it was only 8 months ago ppl were saying only consoles get hacked due to “bad” security.
but according to the email even if they got everything all the important stuff was encrypted and salted so even though im disappointed that they got hacked im glad that they encrypted everything so there is a chance that everything they got will be useless
yeah atleast they didn’t have all their credit card info in a plain text file *cough*sony*cough*
I still can’t say I’m too worried. Ever if someone had my steam account name and password, they’d still need my email address and it’s password, cause I’ve got steam guard on.
Plus I’m usually connected to steam anyway, so would notice if someone kicked me off.
what doucher attacks steam, i’m not saying that its ok to hack any gaming service or platform but really? the funny thing is the people doing all this hacking probably enjoy the same or similar services they try to deface/destroy.
They have to by law – they need to keep proof of all transactions so they can prove they are not trying to evade playing taxes, etc.
How long they can keep the information for varies, come indefinitely, some only seven years. Depends on the law in the region and the business in question.
This is indeed worrisome for some. I’m glad I made my details for the forums completely different to my account details and I use steam guard.
Not good and completely unacceptable steam. I cant purcahse online if i cant trust the system.
Information and knowledge is power in this day and age.
For those of you using PayPal (and Google), it’s best to turn on the 2-factor authentication for increased security.
Yes, I read that, but WHY hasn’t Valve contacted their customers directly, we have a right to know if our credit card details have been compromised; encryption or not.
I shouldn’t have to find out that information in a comment on a news forum, they should have emailed it directly to me.
An incident on the scale of the PSN one will not likely occur on Steam.
All the same, let’s not jinx it! I swear the more we talk about it, the worse it may become.
/puts conspiracy hat on
Hmm it all seems too convenient. It seems weird too that no one has mentioned aliens maybe EA are aliens.
/takes conspiracy hat off and gets back to work
Remember all the backlash and rage directed at Sony when it happened to PSN? I guarantee you that won’t happen with Steam.
I distinctly remember in the wake of the PSN breach, all the Xbox and PC fanbois crowing that this would never ever happen to them, because PSN’s security sucks, and their respective service’s (XBL and Steam) security didn’t.
No system is unhackable, it just depends who’s doing it, and how talented and determined they are.
I hope this just makes people more security aware at the end of the day, if that’s the only good thing that can come from these hacking incidents – that’s something right?
It may still happen. If people can whine, they will whine.
The only difference I can see is that Steam made a serious effort to keep data secure.
PSN on the other hand was so lax it was impossible to believe when the word came out. Personally, I though I was herding a late and bad April Fools joke when I heard of the protection measures Sony (did not) have.
I guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance. (that old ‘if it’s happening to someone else it’s not happening to me’ thing) But instead should go be saying ‘Oh shit, that’s scary – I’m going to be extra careful from now on to ensure this doesn’t happen to me.’
I hope now that Steam’s been compromised it just makes people more aware that it can happen to anyone. Change your passwords regularly, use double security where possible, or indirect payment methods such as PayPal.
“I guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance.”
Do not hold your breath. As long as their are fanboys and fangirls out there it is always gonna happen.
That is the nature of a fan person – they are everywhere.
Why is there nothing on the Steam site about this?
Why did it take them FOUR DAYS to send out that letter, and who did they send it out to? This is the first I’ve heard of it and although I don’t use the forums my credit card info is stored in my account.
This seems like pretty poor form on Valve’s part.
Their forums were defaced on the 6th, they investigated the source and saw that a lot more then the forums were hacked. Gabe came out and said ‘Hey we got hacked I’m sorry we’ll fix it’, I think thats pretty good service.
Could be worse, they could have done a Sony: lock down the service without explanation and then admit the breach around a week or so later.
So four days while undesirable is still far better than a week. I personally prefer an immediate response, but that gives rise to false positives. If Compony X stated they had a breach and the next morning found it to be a false alarm, how do you think the public will react?
It seems the message that Cerzel posted is just on the forum page. Seems like something should have been posted somewhere more prominant, for those of us who don’t frequent the forums.
Interesting fact for anyone who’s interested – I just changed my Steam password via the client, and also saw my credit card details were still saved. I logged out and logged back in with my new password, and went to remove my CC details, and it would appear they’re already removed. Has Steam removed them for me? If so, that’s a smart move on their part.
Can anyone else confirm?
It’s only a matter of time before all of this becomes a media circus again, and people jumping to conclusions before they even have any idea of what’s going on. Hopefully im not one of those people affected, but i should probably look into using paypal for online purchases just to be on the safe side now
If you’re over 16 and live in Australia, then complete this survey for your chance to win a Prezzee voucher redeemable at brands like JB Hi-Fi, PlayStation Store and Xbox.
Leave a Reply