Steam Hacked: “They May Have Gotten Your Credit Cards”

portal-cake.jpg

Top PC games developer Valve has joined Sony in being subject to a catastrophic database hack, with the security of customer credit card details and personal information stored on their Steam platform completely compromised.

The official admission seems to have learned something from the lack of candidness which cost Sony so dearly:

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

Their inability to state with any certainty what was taken and the potential scope of the hack seem likely to further cement the reputation of data hoarding companies as being incapable of securely storing the personal and financial data they are so keen to gather – although it is not yet clear whether consumers really care about this enough to abandon such services, or have any choice in the matter.

The timing is likely to be particularly menacing to customer confidence in Steam, as November sees variety of high profile PC releases – which more security conscious gamers will likely see the merit in purchasing offline.


    Post Comment »
    200 Comments
    Sort by: Date | Score
    Comment by Anonymous
    20:50 11/11/2011 # ! Quality (+1.0)

    If the encryption was decently good, then no worries, probably.

    If the bad buys have a botnet of PCs with high-end graphics cards which the bad guys can program to decrypt that stolen credit card info, you might start worrying.

    Avatar of G4tsu
    Comment by G4tsu
    23:50 11/11/2011 # ! Neutral (+0.2)

    Even with a good botnet if the encryption hash is good (SHA1 for example) and your password is at least 8 alphanumeric characters I don't think you have to worry.
    That suppose Valve is not like Sony storing your info with no encryption or shitty MD5...

    Avatar of Ciscotaku
    Comment by Ciscotaku

    now that your precious "unhackable steam" got hacked you all just trying to downgrade it and make it less worst than it is.
    still remember that moron bringin up steam being unhackable to make a point about psn hack. back to you idiot hahahaha, just a matter of time

    Comment by Anonymous
    02:03 12/11/2011 # ! Good (+0.8)

    Nothing is unhackable. So fuck you and all your fucking hacker buddies, you are just an fucking inconvenience to this world. Useless no-lifes.

    Comment by Anonymous
    14:32 12/11/2011 # ! Neutral (0)

    No choice. I'm an 14 year old recent orphan living in my grandmother's basement. I don't live here because I have a choice.

    Comment by Anonymous
    02:19 12/11/2011 # ! Neutral (0)

    I like living in my mother's basement too.

    Avatar of Pyrolight
    Comment by Pyrolight
    03:01 12/11/2011 # ! Neutral (+0.2)

    They could sit there for the rest of their lives and never crack proper encryption and a strong password.

    Avatar of ultrabot
    Comment by ultrabot
    18:14 12/11/2011 # ! Neutral (+0.2)

    Gabe confirmed they use AES256bit encryption for their credit card database.

    Comment by Anonymous

    Encryption that these corporations are using is a joke, it's all well documented, and generally well understood by anyone with a background in engineering security software.

    Most of the "strong" encryption algorithms can be cracked by off-the-shelf GPUs at a ridiculously fast rate. Something more serious, as in computational hardware, will have an entire data-base cracked and offload the contents of those credit cards into obscure bank accounts, long before we get a press release about a hack that's occurred.

    Comment by Anonymous
    20:37 11/11/2011 # ! Quality (+1.0)

    Steam should send every user a free USB Onchan 8x better than their hand device for each account info was lost on. They got a lot of the online games now so I would put this as very very bad.

    Comment by Anonymous
    21:52 11/11/2011 # ! Good (+0.8)

    THE CAKE WAS A SPY!

    Avatar of Gradius
    Comment by Gradius
    06:43 12/11/2011 # ! Neutral (0)

    I could careless, I don't use that crap for YEARS, but yes, I DO demand the USB Onchan as bonus due headache of hacking!

    Comment by Anonymous
    20:18 12/11/2011 # ! Neutral (0)

    I would like to inform you that it's 'I couldn't care less', what you said makes fuck all sense. I'm also gunna guess you say diamond dozen as well....

    10/10 would rage again.

    Comment by Anonymous
    10:48 14/11/2011 # ! Neutral (0)

    To bad for you, this is a dogie dog world after all.

    Comment by Anonymous
    10:28 12/11/2011 # ! Good (+0.6)

    Why? Valve didn't need to take Steam down to fix the security hole (the forum) and they had all of the users sensitive data encrypted (unlike Sony).

    Getting hacked is pretty much a fact of life. It even happens to the most secure of people.

    Avatar of Gitami
    Comment by Gitami
    00:53 13/11/2011 # ! Neutral (0)

    USB Onchan + biometrics = secure online access.

    It gives more time for people to change their passwords before the hackers crack and imitate the biometric data after copying it from server.

    Please insert dick to confirm identity. Oh the value of seiyuus will skyrocket.

    Comment by Anonymous
    00:03 29/08/2013 # ! Neutral (0)

    My dick is uncopyable, but, that's not a good thing at all...

    Comment by Anonymous
    22:44 11/11/2011 # ! Neutral (0)

    That's an awesome idea, actually. It would certainly help the affected consumers relieve some of their pain and anger, which would turn all that wasted energy into pleasure. xD

    Comment by Anonymous
    11:51 12/11/2011 # ! Neutral (+0.2)

    imagine shooting a Portal Gun with the ejaculation button..

    Comment by The Scarlet Devil
    00:56 12/11/2011 # ! Neutral (-0.2)

    Or how about an airsoft or BB gun and a foam cut out of Gabe Newman.
    You can relieve your anger by shooting him.

    Comment by Anonymous
    00:57 12/11/2011 # ! Good (+0.8)

    >Newman

    It's Gabe Newell.

    Comment by Anonymous
    02:44 12/11/2011 # ! Good (+0.8)

    clever Seinfeld joke?

    Comment by The Scarlet Devil
    02:42 12/11/2011 # ! Neutral (0)

    Yah him lol.

    Comment by Anonymous

    Yes, they should pay you, for the crimes of another. It males perfect sense.

    Let me guess, their security should have been better? Still doesn't take away the fact that someone else committed the crime in the first place.

    Comment by Anonymous
    21:52 11/11/2011 # ! Good (+0.7)

    Males? You mean "makes", bro

    Comment by Anonymous
    23:41 11/11/2011 # ! Good (+0.8)

    This is a spelling bee and HE is your JUDGE! Bow to the authority. And spell properly! *whip*

    Avatar of torappu
    Comment by torappu
    23:14 11/11/2011 # ! Good (+0.4)

    Lol'd @ replying to him because he made a typo. Why don't you spend time correcting all the replies with wrong grammar/wording like you have done with Anon 21:46? The others might get jealous they did not receive such privilege ):

    Comment by Anonymous
    11:06 12/11/2011 # ! Neutral (0)

    Maybe he really meant "males"

    Comment by Anonymous
    04:32 12/11/2011 # ! Neutral (+0.2)

    Have to kind of agree. At the very least I'm glad they salted and hashed our passwords and encrypted the credit card info. None of the crap Sony pulled.

    Comment by Anonymous

    Why the fuck would steam store credit card info in the first place. So yes they should pay for the crime of being fucking retarded.

    Comment by Anonymous
    11:07 12/11/2011 # ! Neutral (+0.2)

    The credit card info was encrypted. Not like in the Sony incident where the information was wide open in plaintext.

    Comment by Anonymous
    22:08 11/11/2011 # ! Quality (+1.0)

    G-D D@MNIT! This is why we can't have nice things

    Avatar of Sylar
    Comment by Sylar
    23:21 11/11/2011 # ! Neutral (-0.2)

    Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming.

    Avatar of Sylar
    Comment by Sylar
    01:42 14/11/2011 # ! Neutral (-0.2)

    Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming

    Comment by Anonymous
    02:24 23/11/2011 # ! Neutral (0)

    Steam is not a truck. It's a series of tubes.

    Comment by Anonymous
    00:42 16/11/2011 # ! Neutral (0)

    Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming

    Comment by Anonymous
    20:17 14/11/2011 # ! Neutral (0)

    Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming

    Avatar of Riiku
    Comment by Riiku
    23:47 11/11/2011 # ! Quality (+1.0)

    That's why I use virtual credit cards which expire each month. Another way is to have second normal card which you keep empty except when right before you buy

    Comment by Anonymous
    10:29 12/11/2011 # ! Good (+0.8)

    Or.... use PayPal.

    Comment by Anonymous
    08:05 13/11/2011 # ! Neutral (0)

    Until paypal gets hacked

    Comment by Anonymous
    17:28 15/11/2011 # ! Neutral (0)

    The best solution will be, to have something install in your body. Specially in your hand or forehead. Just like the Bible says will happen.

    Comment by Anonymous
    05:50 15/11/2011 # ! Neutral (0)

    Something like that already happened years ago.

    Comment by Anonymous
    09:50 16/11/2011 # ! Neutral (0)

    Oh shi-

    Avatar of Cosplaying God
    Comment by Cosplaying God
    04:01 12/11/2011 # ! Neutral (0)

    Damn it. I wish they sell those here. :|

    Comment by The Scarlet Devil
    00:58 12/11/2011 # ! Neutral (-0.2)

    That is a very good idea I use one of those walmart cards with only a certain amount of cash for paypal and other online purchases such as Wii channel stuff.

    Comment by Anonymous
    03:06 12/11/2011 # ! Quality (+1.0)

    ALERT!
    THE ENEMY HAS TAKEN OUR INTELLIGENCE!

    Avatar of alex251
    Comment by alex251
    20:18 11/11/2011 # ! Quality (+0.8)

    Achievement unlocked

    Comment by Anonymous
    23:14 11/11/2011 # ! Neutral (+0.4)

    Problem with Steam is PC gamers have no choice but to use it anymore - only 'blockbuster' games are sold by offline retailers, and more and more of those are dropping PC games from their shelves.

    I still hate the service simply because games I buy legally cannot be played offline - even ones that I bought OFFLINE, like Dawn of War II or Civilization 5.

    Comment by Anonymous
    01:57 12/11/2011 # ! Neutral (+0.2)

    Not to mention - get your account hacked and your entire collection of games is gone.
    Even hard copies that required Steam registration are gone, since CD keys are one-time use.

    Really, I can understand that it makes game distribution cheaper and less risky for the publishers, with that PC gaming crisis and all, but really, you should be allowed to play the games you purchased, even those acquired online, without the need to launch Steam every damn time.
    I mean, if someone's gonna pirate a game, he'll do it anyway, so why put restrictions upon products someone's bought legally?

    Comment by Anonymous
    05:14 12/11/2011 # ! Neutral (0)

    There are other online retaliers that are not as restrictive as Steam. Sadly that does not solve the issue with games that have the Steam Cancer Cells implanted though.

    Comment by Anonymous
    04:44 12/11/2011 # ! Neutral (0)

    This is why I buy a boxed version of the game, download the cracked version, and never open the box.

    Comment by Anonymous
    23:13 12/11/2011 # ! Neutral (0)

    Because the world hasn't come to an understanding of how software distribution works.To them, no DRM means risky business.The fact being that DRM might boost sales by even a fraction of a percent and not the other way round means companies want DRM on their product.People who do not trust file sharing, people who are not knowledgeable enough for easy access to file sharing and so on.You lock down the access to games, these people buy them instead of pirating them.

    Also, it has to do with fair treatment of customers.You don't sell a product where you support piracy of said product.You got to do something to tell people "you paid for our stuff, and we're on your side and will have actions to prevent freeloaders from getting access to the same product for free."

    Imagine paying for a bus ride, and the guy behind you gets on for free.How would you feel as the one who paid bus fare?Even if DRM isn't stopping piracy, they've got to at least put in measures that are the best.

    Comment by Anonymous
    23:42 11/11/2011 # ! Neutral (0)

    You can make steam run in offline mod, so you can play without loggin in to steam and without internet connection.

    Comment by Anonymous
    08:37 12/11/2011 # ! Neutral (0)

    Then why do I need steam at all? To set it offline? Fine, than I dont need it at all. This is stupid. Whole steam client is stupid prehistoric idea - today an web api can manage downloads and DRM without need to clutter your PC with third party bullshit.
    Plus whole DRM / online registration is just stupid, only cost money, makes gaming less confortable and have no effect against piracy. At least if they didnt talked the bullshit about how piracy hurt their buissines and how must they prevent it because only reasons they have for such system as steam are to shove more adds to gamers throats, get more info on them and prevent reselling their crappy games that are not even worth being pirated.

    Comment by Anonymous

    Yeah, Dawn of War II's pain-in-the-ass verification system is all the fault of Windows Games, not Steam.

    Comment by Anonymous
    01:17 12/11/2011 # ! Neutral (+0.2)

    retribution doesn't use games for windows live anymore.







    Post Comment »

Popular

Recent News

Recent Galleries

Recent Comments