Steam Hacked, Valve Investigating Possible Credit Card Theft

A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were compromised in a defacement attack on the Steam forums this Sunday.


Comments

    well. . . Shit

      What Forum... ? lol lucky me never tried it... :P

    This is not cool, not cool at all.

      Good thing I've changed my card since I've last used it.

        I got lucky when PSN got hacked as my card had just expired. Not so lucky this time.

          Dude just use Paypal. It's much safer :\

            I really should. I used to have one 5ish years ago for eBay, but when I stopped using eBay, I stopped using PayPal. I've moved a few times since then and changed my bank accounts. But if my PayPal account still exists then I suppose I can update all that.

    Forum accounts... Are those separate from the main steam accounts?

      Technically but a lot of people would use the same details for both

        Very thankful I didn't use the same password now.

        Also thankful that I use paypal.

        Of course now they would need your email details as well to access your account from a new computer ID. If it's been activated.

    More proof that PC gamers are FAR more mature that die-hard console gamers.

    Steam hacked; People worried, upset most certainly, but not venting their anger on how shit their fave service suddenly became.

    360 hacked; MICROSOFT SUCKS I'M BUY1NGGGHHH A PS THWEEEEE

    PS3 hacked; SONY SUCKS I'M BUYING AN EX BAWKSS.

      because using it to take a shot at other gamers is VERY mature...

        I'm taking a shot at nobody; look at the comments regarding console hacking incidents and tell me that I am wrong, a-train.

          You are wrong - I see panic attacks on any service from consoles to PCs to whatever-service-one-is-able-to-enter-credit-card-info.

          If you are going to be selective with your faces (or forum posts) keep your comments to yourself.

            Oh, it's bound to happen everywhere information is compromised. Panic attacks are understandable.

            But whenever a console service is hacked they are so quick to renounce their love for the platform and suddenly hate everything about it. My entire point is that PC gamers are more mature about the problem than most console gamers.

            When PS3 was hacked, the most common opinion I found was "SONY SUCK AND THEY DIDNT MAKE THERE PS3 SECURE ENUF"

            When Xbox is hacked, users are "MICROSOFT SUC--unless they give me some compensation, I'M GOING TO SOMETHING ELSE"

            Keep my comments to myself? WiseHacker, so long as there is a public comments section that encourages feedback and opinion, I will continue to provide mine.

              "My entire point is that PC gamers are more mature about the problem than most console gamers."

              Again you are wrong. PC gamers *are just as bad* as console gamers. Just because you game on a PC or use PC based services does not make you more mature.

              In fact, given the excessive elitism that comes from PC gamers and their constant ranting and attempt to scape goat console as the reason games are deteriorating actually proves the opposite.

              Finally, while it is true that this is a public forum, you are still excepted to show some common sense. What you are doing is borderline trolling - your comments are faceless and appear only serve to cause a reaction.

                >Again you are wrong. PC gamers *are just as bad* as console gamers. Just because you game on a PC or use PC based services does not make you more mature.

                What? That's not what he said. He said PC gamers are more mature based on their reaction to SECURITY COMPROMISED, compared to the same scenario that happened to the console crowds.

                He never mentioned PC based services or whatnot.

                  This. Thank you, [Razor]. This is exactly it; I was not referring to the actual gamers but their reaction to events such as this.

                Just as bad, huh? Okay, then show me all of the people raging and saying how bad Steam is, how insecure it is and how they'll never use it again (only to go back once the situation is resolved)?

                I fail to see many of those at all, much less the number of them in comparison to console gaming failures.

                I'll just preemptively say that I'm not a PC elitist; I game on several platforms and I couldn't be bothered regarding any hacking incident. I either use Paypal or I use prepaid cards :\ If my account is taken on anything I can just get it back, problem solved.

                "and their constant ranting and attempt to scape goat console as the reason games are deteriorating actually proves the opposite."

                Far fewer of these than console kiddies that always change their mind on their fave device and service.

                I have a lot of common sense, actually, and I'm merely showing a lot of people's opinions on the matter in that, if you went and actually looked on most sites with a public forum and dug up articles on, for instance, the Xbox Live breach re FIFA and then both PS3 hacking incidents they will only prove my claims.

                  You still claim that reactions from PC gamers are more mature. Sorry but I have seen it equal from all sides. XBox 360 users will whine. PSN users will cry foal. And PC gamers will also vent their outrage. There is no difference in maturity - there are always going to be cry babies not matter what the service is.

                  To say that PC gamers react in a more mature manner than console gamers is in fact taking a cheap shot with a baseless fact. Your mentioning of the PSN incident in April does not prove your claim. People were outraged at the fact that Sony took so long to admit they had been compromised and had not been using proper data security measures. The outrage is justified as Sony were arrogant enough to think elaborate firewalls were a good substitute for strong encryption measures.

      Nah it proves that mature people are more mature than immature people though I suspect we already knew that.

        Of course; it's common knowledge xD

      Let's just remember that it was a PC user that did this...

    Well as the owner of a VISA Debit card I better start moving some money around.

    This is why I only use a debit card and only transfer the money I need into the account when it is used.

      Its why I only use paypal

        +1 on the Paypal user count.

          Used to use it, just was alot easier to use the debit card and transfer amounts in and out of it as needed and seemed just as secure. Beside, although it is becoming more widely used, Paypal is not accepted everywhere.

            Sadly, that is the case. But when it is there, I tend to use it for the buyer protection.

            I fail to see how transferring amounts is secure. Certainly, the account would be empty and you could just go the the trouble of waiting for all the details to be changed if anything does happen, but they gain the ability to potentially take cash if you left any in there at all.

            With Paypal on a service that doesn't happen. When the option is there you should consider using it. And as WiseHacker said, it's a good idea to use it for buyer protection.

    10 November 2011
    Dear Steam Users and Steam Forum Users:

    Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

    We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

    We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

    While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

    We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

    We will reopen the forums as soon as we can.

    I am truly sorry this happened, and I apologize for the inconvenience.

    Gabe.

    tl;dr It was just the forums that got hacked, not Steam itself, and anything important was encrypted. Just make sure to change your Steam password if you used the same username and password between the two.

      A bit silly that this article itself doesn't have the actual letter itself.

    wait, did I miss something? it was only 8 months ago ppl were saying only consoles get hacked due to "bad" security.

      but according to the email even if they got everything all the important stuff was encrypted and salted so even though im disappointed that they got hacked im glad that they encrypted everything so there is a chance that everything they got will be useless

        yeah atleast they didn't have all their credit card info in a plain text file *cough*sony*cough*

    ok seriously. This is getting ridiculous.

    I still can't say I'm too worried. Ever if someone had my steam account name and password, they'd still need my email address and it's password, cause I've got steam guard on.

    Plus I'm usually connected to steam anyway, so would notice if someone kicked me off.

      This. Steam Guard + Paypal.

      canttouchthis.gif

    And heres why gaming isnt going digital only in the future anytime soon.

    what doucher attacks steam, i'm not saying that its ok to hack any gaming service or platform but really? the funny thing is the people doing all this hacking probably enjoy the same or similar services they try to deface/destroy.

    Would you be safe if you didn't save your details?

    What I don't understand is why companies need to keep credit card details.

      They have to by law - they need to keep proof of all transactions so they can prove they are not trying to evade playing taxes, etc.

      How long they can keep the information for varies, come indefinitely, some only seven years. Depends on the law in the region and the business in question.

    This is indeed worrisome for some. I'm glad I made my details for the forums completely different to my account details and I use steam guard.

    Not good and completely unacceptable steam. I cant purcahse online if i cant trust the system.

    Information and knowledge is power in this day and age.
    For those of you using PayPal (and Google), it's best to turn on the 2-factor authentication for increased security.

    Why hasn't valve personally contacted customers about this?

      http://www.kotaku.com.au/2011/11/steam-hacked-valve-investigating-possible-credit-card-theft/#comment-435746

        Yes, I read that, but WHY hasn't Valve contacted their customers directly, we have a right to know if our credit card details have been compromised; encryption or not.

        I shouldn't have to find out that information in a comment on a news forum, they should have emailed it directly to me.

          Don't jinx it! Last we need is another PSN incident.

            An incident on the scale of the PSN one will not likely occur on Steam.

              All the same, let's not jinx it! I swear the more we talk about it, the worse it may become.

    to get the conspiracy nuts going - could EA be behind the hack?

      /puts conspiracy hat on

      Hmm it all seems too convenient. It seems weird too that no one has mentioned aliens maybe EA are aliens.

      /takes conspiracy hat off and gets back to work

      http://img443.imageshack.us/img443/191/steamhacked.jpg

    *sniff* sniff* I smell class action suite.

    Remember all the backlash and rage directed at Sony when it happened to PSN? I guarantee you that won't happen with Steam.

    I distinctly remember in the wake of the PSN breach, all the Xbox and PC fanbois crowing that this would never ever happen to them, because PSN's security sucks, and their respective service's (XBL and Steam) security didn't.

    No system is unhackable, it just depends who's doing it, and how talented and determined they are.

    I hope this just makes people more security aware at the end of the day, if that's the only good thing that can come from these hacking incidents - that's something right?

      It may still happen. If people can whine, they will whine.

      The only difference I can see is that Steam made a serious effort to keep data secure.

      PSN on the other hand was so lax it was impossible to believe when the word came out. Personally, I though I was herding a late and bad April Fools joke when I heard of the protection measures Sony (did not) have.

        I guess it's just hoping people don't use one service's misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance. (that old 'if it's happening to someone else it's not happening to me' thing) But instead should go be saying 'Oh shit, that's scary - I'm going to be extra careful from now on to ensure this doesn't happen to me.'

        I hope now that Steam's been compromised it just makes people more aware that it can happen to anyone. Change your passwords regularly, use double security where possible, or indirect payment methods such as PayPal.

          "I guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance."

          Do not hold your breath. As long as their are fanboys and fangirls out there it is always gonna happen.

          That is the nature of a fan person - they are everywhere.

    Why is there nothing on the Steam site about this?
    Why did it take them FOUR DAYS to send out that letter, and who did they send it out to? This is the first I've heard of it and although I don't use the forums my credit card info is stored in my account.

    This seems like pretty poor form on Valve's part.

      Their forums were defaced on the 6th, they investigated the source and saw that a lot more then the forums were hacked. Gabe came out and said 'Hey we got hacked I'm sorry we'll fix it', I think thats pretty good service.

      Could be worse, they could have done a Sony: lock down the service without explanation and then admit the breach around a week or so later.

      So four days while undesirable is still far better than a week. I personally prefer an immediate response, but that gives rise to false positives. If Compony X stated they had a breach and the next morning found it to be a false alarm, how do you think the public will react?

      It seems the message that Cerzel posted is just on the forum page. Seems like something should have been posted somewhere more prominant, for those of us who don't frequent the forums.

    Interesting fact for anyone who's interested - I just changed my Steam password via the client, and also saw my credit card details were still saved. I logged out and logged back in with my new password, and went to remove my CC details, and it would appear they're already removed. Has Steam removed them for me? If so, that's a smart move on their part.

    Can anyone else confirm?

    Alas I stand to lose $98!

Join the discussion!