A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were compromised in a defacement attack on the Steam forums this Sunday.
Steam Hacked, Valve Investigating Possible Credit Card Theft
Comments
80 responses to “Steam Hacked, Valve Investigating Possible Credit Card Theft”
Nah it proves that mature people are more mature than immature people though I suspect we already knew that.
-
Of course; it’s common knowledge xD
Let’s just remember that it was a PC user that did this…
Well as the owner of a VISA Debit card I better start moving some money around.
This is why I only use a debit card and only transfer the money I need into the account when it is used.
-
Its why I only use paypal
-
+1 on the Paypal user count.
-
Used to use it, just was alot easier to use the debit card and transfer amounts in and out of it as needed and seemed just as secure. Beside, although it is becoming more widely used, Paypal is not accepted everywhere.
-
Sadly, that is the case. But when it is there, I tend to use it for the buyer protection.
-
I fail to see how transferring amounts is secure. Certainly, the account would be empty and you could just go the the trouble of waiting for all the details to be changed if anything does happen, but they gain the ability to potentially take cash if you left any in there at all.
With Paypal on a service that doesn’t happen. When the option is there you should consider using it. And as WiseHacker said, it’s a good idea to use it for buyer protection.
-
-
-
10 November 2011
Dear Steam Users and Steam Forum Users:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
tl;dr It was just the forums that got hacked, not Steam itself, and anything important was encrypted. Just make sure to change your Steam password if you used the same username and password between the two.
-
A bit silly that this article itself doesn’t have the actual letter itself.
wait, did I miss something? it was only 8 months ago ppl were saying only consoles get hacked due to “bad” security.
-
but according to the email even if they got everything all the important stuff was encrypted and salted so even though im disappointed that they got hacked im glad that they encrypted everything so there is a chance that everything they got will be useless
-
yeah atleast they didn’t have all their credit card info in a plain text file *cough*sony*cough*
-
Neither did Sony *cough*troll*cough*
-
-
ok seriously. This is getting ridiculous.
deleted
-
Me too. We should be safe, Steve.
I still can’t say I’m too worried. Ever if someone had my steam account name and password, they’d still need my email address and it’s password, cause I’ve got steam guard on.
Plus I’m usually connected to steam anyway, so would notice if someone kicked me off.
-
This. Steam Guard + Paypal.
canttouchthis.gif
And heres why gaming isnt going digital only in the future anytime soon.
what doucher attacks steam, i’m not saying that its ok to hack any gaming service or platform but really? the funny thing is the people doing all this hacking probably enjoy the same or similar services they try to deface/destroy.
Would you be safe if you didn’t save your details?
What I don’t understand is why companies need to keep credit card details.
-
They have to by law – they need to keep proof of all transactions so they can prove they are not trying to evade playing taxes, etc.
How long they can keep the information for varies, come indefinitely, some only seven years. Depends on the law in the region and the business in question.
This is indeed worrisome for some. I’m glad I made my details for the forums completely different to my account details and I use steam guard.
Not good and completely unacceptable steam. I cant purcahse online if i cant trust the system.
Information and knowledge is power in this day and age.
For those of you using PayPal (and Google), it’s best to turn on the 2-factor authentication for increased security.
Why hasn’t valve personally contacted customers about this?
-
-
Yes, I read that, but WHY hasn’t Valve contacted their customers directly, we have a right to know if our credit card details have been compromised; encryption or not.
I shouldn’t have to find out that information in a comment on a news forum, they should have emailed it directly to me.
-
Don’t jinx it! Last we need is another PSN incident.
-
An incident on the scale of the PSN one will not likely occur on Steam.
-
All the same, let’s not jinx it! I swear the more we talk about it, the worse it may become.
-
-
-
to get the conspiracy nuts going – could EA be behind the hack?
-
/puts conspiracy hat on
Hmm it all seems too convenient. It seems weird too that no one has mentioned aliens maybe EA are aliens.
/takes conspiracy hat off and gets back to work
*sniff* sniff* I smell class action suite.
-
Nope. That was my bacon and bean sandwich.
Remember all the backlash and rage directed at Sony when it happened to PSN? I guarantee you that won’t happen with Steam.
I distinctly remember in the wake of the PSN breach, all the Xbox and PC fanbois crowing that this would never ever happen to them, because PSN’s security sucks, and their respective service’s (XBL and Steam) security didn’t.
No system is unhackable, it just depends who’s doing it, and how talented and determined they are.
I hope this just makes people more security aware at the end of the day, if that’s the only good thing that can come from these hacking incidents – that’s something right?
-
It may still happen. If people can whine, they will whine.
The only difference I can see is that Steam made a serious effort to keep data secure.
PSN on the other hand was so lax it was impossible to believe when the word came out. Personally, I though I was herding a late and bad April Fools joke when I heard of the protection measures Sony (did not) have.
-
I guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance. (that old ‘if it’s happening to someone else it’s not happening to me’ thing) But instead should go be saying ‘Oh shit, that’s scary – I’m going to be extra careful from now on to ensure this doesn’t happen to me.’
I hope now that Steam’s been compromised it just makes people more aware that it can happen to anyone. Change your passwords regularly, use double security where possible, or indirect payment methods such as PayPal.
-
“I guess it’s just hoping people don’t use one service’s misfortunes (PSN, Steam, whichever) as a platform for defending their own platform of choice, or using it as some form of self assurance.”
Do not hold your breath. As long as their are fanboys and fangirls out there it is always gonna happen.
That is the nature of a fan person – they are everywhere.
-
-
Why is there nothing on the Steam site about this?
Why did it take them FOUR DAYS to send out that letter, and who did they send it out to? This is the first I’ve heard of it and although I don’t use the forums my credit card info is stored in my account.
This seems like pretty poor form on Valve’s part.
-
Their forums were defaced on the 6th, they investigated the source and saw that a lot more then the forums were hacked. Gabe came out and said ‘Hey we got hacked I’m sorry we’ll fix it’, I think thats pretty good service.
-
Could be worse, they could have done a Sony: lock down the service without explanation and then admit the breach around a week or so later.
So four days while undesirable is still far better than a week. I personally prefer an immediate response, but that gives rise to false positives. If Compony X stated they had a breach and the next morning found it to be a false alarm, how do you think the public will react?
-
It seems the message that Cerzel posted is just on the forum page. Seems like something should have been posted somewhere more prominant, for those of us who don’t frequent the forums.
Interesting fact for anyone who’s interested – I just changed my Steam password via the client, and also saw my credit card details were still saved. I logged out and logged back in with my new password, and went to remove my CC details, and it would appear they’re already removed. Has Steam removed them for me? If so, that’s a smart move on their part.
Can anyone else confirm?
Alas I stand to lose $98!
It’s only a matter of time before all of this becomes a media circus again, and people jumping to conclusions before they even have any idea of what’s going on. Hopefully im not one of those people affected, but i should probably look into using paypal for online purchases just to be on the safe side now
Leave a Reply