• Welcome to the Devil May Cry Community Forum!

    We're a group of fans who are passionate about the Devil May Cry series and video gaming.

    Register Log in

Steam Hacked

V

Vergil'sBitch

I am Nero's Mom & Obsessed fan girl
Premium
Credit card details confirmed stolen from Steam

Valve has admitted that personal information including credit card information, emails and passwords have all been stolen by hackers, following a security issue last weekend.

Although the initial break-in by hackers was thought to be limited to just the Steam forums, Valve boss Gabe Newell has written to all Steam users to admit that it's a lot more serious than that. Here's the full text of what he said:

'Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.'

As you can see it's serious stuff, but the one detail that's missing is numbers. It's not clear at all how many accounts were accessed and therefore how many people are at risk. Steam has around 35 million active user accounts, so if the hackers got into them all that's a lot of people checking a lot of credit cards.
Click to expand...

 

Have any of you guys and girls on here been affected?
 
Angelo Credo

Angelo Credo

Kept you waiting, huh?
Nope, I removed my card details from Steam a couple weeks back actually, purely to stop me impulse buying really cheap games. At least there's no risk of my card being used by anyone else.
I'm actually glad Valve came forward with all the details as quickly as they did. A far cry from Sony's "there's nothing wrong, everything's fine" approach. There's definitely something to be said for being open and honest with your customers.

Besides, like they said, they're not aware of any actual steam accounts that have been compromised, only forum accounts, and those passwords are hashed and salted, so the risk is minimal. Not that a password change could hurt at any rate.
 
Angelo Credo

Angelo Credo

Kept you waiting, huh?
It's all a form of password cryptography, effectively a salt is a string of random random numbers needed to access encrypted data (that's a hash, in this example), along with a password.

It's designed to make it a great deal harder for people to access encrypted information. Example: Say if someone were trying to guess a password, every one he tries has to be checked against each salt value. A 1 bit salt value (ie: 0 and 1) makes guessing the password twice as hard, a 2 bit salt value makes it four times as hard and so on until it gets up to ridiculously long winded levels of trial, error and effort.

Plus, passwords and salts are usually stored separately, so even if the passwords are compromised, they're useless to the hacker without the salts to access them.

Hope that's a reasonable explanation, it's pretty simplified but covers the basics.
 
Angel

Angel

Is not rat, is hamster
Admin
Moderator
I only ever use PayPal with Steam but I changed all my PW's anyway just to be safe. Steve went and cancelled his credit card because we've been stung before by hackers getting into databases (almost £200 spent on avatar items over XBL in the past by hackers).
 
Vauxchen

Vauxchen

The devoted
Premium
Apparently, it's fake according to this: http://i.imgur.com/LW44c.png. But it wouldn't hurt to change your password anyway.

As mentioned earlier, Valve are very open about this, and it puts faith in them that they are. I believe that Gabe actually responds to all the emails he gets, rather than just leaving them ignored. Quite a big thing for someone in his position, in such a big company...
 
V

Vergil'sBitch

I am Nero's Mom & Obsessed fan girl
Premium
Angel said:
I only ever use PayPal with Steam but I changed all my PW's anyway just to be safe. Steve went and cancelled his credit card because we've been stung before by hackers getting into databases (almost £200 spent on avatar items over XBL in the past by hackers).
Click to expand...

That's disgusting... Security should be a top priority, which no one should know better than microsoft... the way Xbox fanboys go on they sound as if they've never heard of hacking (ie laughing about the fact sony got hacked).
It's nice to see a company that are so on top of these things, and who respect their customers.
 
Dark Drakan

Dark Drakan

Well-known Member
Admin
Moderator
Vergil'sBitch said:
That's disgusting... Security should be a top priority, which no one should know better than microsoft... the way Xbox fanboys go on they sound as if they've never heard of hacking (ie laughing about the fact sony got hacked).
It's nice to see a company that are so on top of these things, and who respect their customers.
Click to expand...

At least Microsofts cases are usually individual cases and not millions in one foul swoop which they then deny. I had someone purchase Microsoft points on my card for me somehow, still not sure how it happened. Microsoft gave me my money back for them and let me keep the points.

Nothing is safe from hackers and they will find a way into anything, its how the companies deal with the hacks and the action they take that people judge them on. If this hack was a real attack Steam seemed to get on top of it fast and told their customers about it quickly and as you said showed some respect towards their customer base.
 
You must log in or register to reply here.
Top Bottom