Valve admits forum hack exposed gamers' privates Steam, the online platform of video game firm Valve Corporation, has admitted that customer personal details including encrypted credit card information might have been exposed by a hack attack last weekend. The hack led to the creation of a new "promoted" discussion thread on the Steampowered forum, ostensibly promoting a …
Let me see if I understand this correctly:
If I have a Steam account for this or that game (in fact I have many Steam accounts, in case I want to sell a game) but no Steam forum account, then I am safe?
I would go to the Steam forum and ask but I am just a bit hesitant at the moment. . .
"We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."
Reading between the lines " they stole our Database but we dont think they can crack it...we hope"
From what i have been told steam forums/steam/steam works all had the DB's accessed , and the hackers had several days access before the forum defacement which may not even have been the done by the same culprit or culprits who accessed the DB's.
Again on the romour mill they think what happen was the original hackers posted up the hack on a certain altogether dark place once they have finished their business and a another less talented individual used the info to gain access to an admin account details for the forums.
Yup, sounds right to me.
My big question is if they kept things in a compliant manner, and only for as long as needed. I have no card associated with my account, but I have made purchases. I am constantly amazed at how companies will retain historical records. This is the point that has me worried. I would really like to know their data retention policy so that I can evaluate if I need to inform my credit card. Anyone out there that knows this?
This post has been deleted by its author
Finally, a company with a clue, that doesn't store passwords or credit card details on their database in clear text. That instantly renders this hack about a thousand times less serious than it otherwise would have been (like at Sony...). Hacking happens, but respect for companies that use best practice to minimise the damage, and are honest about it...
Good to read this article, the last interaction from them was when I bought a game a called Darksiders.
I have noticed a recent surge in dating spam from some chinese muppets which may or may not be related
Will have to contact steam to ask them why they did not think to email me as a customer on the email they know I use
Can only assume we're all busy changing our Steam passwords to post comments :)
Strange they would consider advising to remove CC details from Steam after the event though...of course we probably shouldn't assume that all backdoors have since been discovered and closed, I suppose.
I feel a bit, exposed shall we say. At least Steam didn't want to know where I live (unlike Sony who might as well have asked where I lived, where I was born, what colour underwear do I like wearing) so at least I feel a bit happier with that.
Here's the real solution (how I see it anyway) - perhaps Microsoft, Sony and Valve should stop storing our card details. Its not as if when I buy a game from Game they ask "Oh, by the way sir, can we just copy your card number in case you buy something else? I mean, that would be more convenient for you by not having to reach into your pocket and open your wallet?"
Why should they need to keep them? I'm quite happy to whip the card out every time I buy something if it means keeping my details safe.
This post has been deleted by its author
It's not that early games didn't have copy-protection. They just didn't demand you create an account and have your game maintain a connection to some authentication server in order for you to play.
I've avoided games that insist on some kind of online activation for a while now, and this is one reason why. All I want to do is stuff the disk in and play the game, and in these days of multi-terabyte hard disk drives, inserting the disk should be optional. Egosoft for example ensure genuine customers get support and updates by having you put your game key into a user profile on their web forums. That and the Steam nonsense is all optional though. Insert disk, install game, put the disk somewhere safe and don't bother touching it again, then play as much as you like.
Or then there's Gratuitious Space Battles, or obligatory mention of gog.com - there's still some choice out there for people who want to have fun without a side helping of malware and hacking risk.
I know the text says "Windows User", but it's the only one that looks like a grumpy old bloke.
I'm trying to fathom here how this is better than Sony's breach. Saint Gabe said they're all very sorry? Well, that makes it all better.
Sorry isn't good enough. I found out about this through El Reg first, and there was no public message at that point, just vague references to an email many of us never received and that the forums were defaced. Now potentially their entire database was stolen?
Where are all the screaming muppets who cheered the Sony breach because Sony's an evil empire and deserved it? When are people going to learn that us users are the ones being preyed on here?
I personally received a notice through their Steam News screens, which usually appear once you leave a Steam app. But unless you regularly check the Steam page or your e-mail, how else can they get through to you? If they post a popup, they get railed for a potential abuse avenue (as of now, they only pop up on restart requests, and this is OK since these require user intervention).
"News of the breach coincides with the release of Skyrim, the fifth game in Bethesda Software's popular Elder Scrolls series; unlocking the game and playing it online required access to Steam's online services."
What has that got to do with this? Aside from being incorrect (Skyrim is not an online game and you do not "play it online") Steam released quite a few other games on the same day. So, what are you saying here exactly?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
