Steam, the online platform of video game firm Valve Corporation, has admitted that customer personal details including encrypted credit card information might have been exposed by a hack attack last weekend. The hack led to the creation of a new "promoted" discussion thread on the Steampowered forum, ostensibly promoting a site …
There's always someone...
...who'll throw a crowbar in the works.
Is this correct?
Let me see if I understand this correctly:
If I have a Steam account for this or that game (in fact I have many Steam accounts, in case I want to sell a game) but no Steam forum account, then I am safe?
I would go to the Steam forum and ask but I am just a bit hesitant at the moment. . .
Although it took a while, at least Valve are being open about what was taken, and what might have been taken, unlike others in similar circumstances.
Though saying that, still wonder if it could have been preventable...
Maybe they were looking for Half Life 2 : Episode 3
I know I am...
Not gonna happen, they stopped doing episodes.
Of course I could have told them it was a bad idea in the first place.
Got a link maybe?
Well if there is not going to be a Half-Life Episode 3, will there be a Half-Life 3 at all, or are they just going to abandon the franchise? That's hard to believe. Some sort of wrap-up would have been nice.
To be hacked once may be regarded as a misfortune; to be hacked twice looks like carelessness.
"We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."
Reading between the lines: "they stole our database but we don't think they can crack it...we hope"
From what I have been told, Steam forums/Steam/Steamworks all had the DBs accessed, and the hackers had several days' access before the forum defacement, which may not even have been done by the same culprit or culprits who accessed the DBs.
Again on the rumour mill, they think what happened was the original hackers posted up the hack on a certain altogether dark place once they had finished their business, and another less talented individual used the info to gain access to admin account details for the forums.
Yup, sounds right to me.
My big question is if they kept things in a compliant manner, and only for as long as needed. I have no card associated with my account, but I have made purchases. I am constantly amazed at how companies will retain historical records. This is the point that has me worried. I would really like to know their data retention policy so that I can evaluate if I need to inform my credit card. Anyone out there that knows this?
Finally, a company with a clue, that doesn't store passwords or credit card details on their database in clear text. That instantly renders this hack about a thousand times less serious than it otherwise would have been (like at Sony...). Hacking happens, but respect for companies that use best practice to minimise the damage, and are honest about it...
Why are they STORING your credit card details? Did you give consent to this? Is there a do-not-store-ask-me-each-time option?
It's a worry I have with Amazon too.
Yes, it offers to remember your details, but you are free to tell them not to.
Am on Steam and was not notified.
Good to read this article, the last interaction from them was when I bought a game called Darksiders.
I have noticed a recent surge in dating spam from some Chinese muppets, which may or may not be related.
Will have to contact Steam to ask them why they did not think to email me as a customer on the email they know I use.
I wasn't either, though I know people who were
I can only assume that this means my user account details were not compromised.
When they say "a database" does that imply the possibility that there are multiple user databases?
the peeps in charge of data storage systems like these are fined thousands for every person affected by hacks like this, the situation won't change and our details will keep being leaked.
Valve? Run by valves...
You do hope you are working for the government.
Was hoping it was only the 3rd party forums that were affected, obviously as Steam accounts have added value against them will definitely be changing passwords. Might have been a wise choice for me to purchase games via Paypal when they added the option though.
I'm also wondering if those people without a forum account are OK.
I've just remembered a dormant account I have with another bank...might make it a patsy account for online transactions, top it up as required.
That's a good idea. Use a debit card for a current account with no overdraft and only ever keep a small amount in there.
OTOH you aren't liable if someone hacks/defrauds you. You can get the money back.
On the plus side if your steam account does get hacked they won't be able to argue you didn't keep the password secure.
No comments yet?
Can only assume we're all busy changing our Steam passwords to post comments :)
Strange they would consider advising to remove CC details from Steam after the event though...of course we probably shouldn't assume that all backdoors have since been discovered and closed, I suppose.
As a PS3 and Steam user...
I feel a bit, exposed shall we say. At least Steam didn't want to know where I live (unlike Sony who might as well have asked where I lived, where I was born, what colour underwear do I like wearing) so at least I feel a bit happier with that.
Here's the real solution (how I see it anyway) - perhaps Microsoft, Sony and Valve should stop storing our card details. It's not as if when I buy a game from Game they ask "Oh, by the way sir, can we just copy your card number in case you buy something else? I mean, that would be more convenient for you by not having to reach into your pocket and open your wallet?"
Why should they need to keep them? I'm quite happy to whip the card out every time I buy something if it means keeping my details safe.
I may be antiquated, but...
I remember the days when you bought a game as a CD and played it, no DRM.
Where is the advantage to anyone in having to sign on via a hackable middleman?
Sorry, no stonehenge icon.
Ease of delivery and ease of updates mainly.
Price reductions not so much. Except on special occasions and/or you wait a few years, you may get notified that you can buy a whole series for just a lunch.
You're not the only one.
It's not that early games didn't have copy-protection. They just didn't demand you create an account and have your game maintain a connection to some authentication server in order for you to play.
I've avoided games that insist on some kind of online activation for a while now, and this is one reason why. All I want to do is stuff the disk in and play the game, and in these days of multi-terabyte hard disk drives, inserting the disk should be optional. Egosoft for example ensure genuine customers get support and updates by having you put your game key into a user profile on their web forums. That and the Steam nonsense is all optional though. Insert disk, install game, put the disk somewhere safe and don't bother touching it again, then play as much as you like.
Or then there's Gratuitous Space Battles, or obligatory mention of gog.com - there's still some choice out there for people who want to have fun without a side helping of malware and hacking risk.
I know the text says "Windows User", but it's the only one that looks like a grumpy old bloke.
I'm trying to fathom here how this is better than Sony's breach. Saint Gabe said they're all very sorry? Well, that makes it all better.
Sorry isn't good enough. I found out about this through El Reg first, and there was no public message at that point, just vague references to an email many of us never received and that the forums were defaced. Now potentially their entire database was stolen?
Where are all the screaming muppets who cheered the Sony breach because Sony's an evil empire and deserved it? When are people going to learn that us users are the ones being preyed on here?
How else can they reach you?
I personally received a notice through their Steam News screens, which usually appear once you leave a Steam app. But unless you regularly check the Steam page or your e-mail, how else can they get through to you? If they post a popup, they get railed for a potential abuse avenue (as of now, they only pop up on restart requests, and this is OK since these require user intervention).
I retract my statement....
...you can choose to not store your card details with Steam.
They were all...
Protected By Steam Guard
So where in the client I get a nice green shield saying "Protected By Steam Guard" it really means, storing all your data in a shared database allowing multiple potential breach points.
vBulletin® Version 3.8.7
I think due to lack of efforts to keep their vBulletin forum updated the site and DB was hacked through a hole in the vBulletin® Version 3.8.7 scripts
"I consider that a failing by the way!"
"News of the breach coincides with the release of Skyrim, the fifth game in Bethesda Software's popular Elder Scrolls series; unlocking the game and playing it online required access to Steam's online services."
What has that got to do with this? Aside from being incorrect (Skyrim is not an online game and you do not "play it online") Steam released quite a few other games on the same day. So, what are you saying here exactly?