Steam Hacked: “They May Have Gotten Your Credit Cards”
- Categories: Games, News
- Date: Nov 11, 2011 19:36 JST
- Tags: Announcements, Crime, DLC, Hacking, Internet, Sony, Technology, Valve
Top PC games developer Valve has joined Sony in being subject to a catastrophic database hack, with the security of customer credit card details and personal information stored on their Steam platform completely compromised.
The official admission seems to have learned something from the lack of candidness which cost Sony so dearly:
Dear Steam Users and Steam Forum Users:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
Their inability to state with any certainty what was taken and the potential scope of the hack seem likely to further cement the reputation of data hoarding companies as being incapable of securely storing the personal and financial data they are so keen to gather – although it is not yet clear whether consumers really care about this enough to abandon such services, or have any choice in the matter.
The timing is likely to be particularly menacing to customer confidence in Steam, as November sees variety of high profile PC releases – which more security conscious gamers will likely see the merit in purchasing offline.
Uppers PV Dives Headfirst
Subarashii Sekai Jokes Abound
Musaigen no Phantom World Full of Cute Girls
Bullet Girls 2 PV Unsurprisingly Naughty
Bashful Homura Figure
To Love-Ru Darkness Tentacle Troubles Abound
Mangaka Celebrate Twintails Day
Hoppa Hentai Vaginar Virgin Red Sentai Parody Onahole
Taimanin Yukikaze “Lowest of the Low!”
Yandere Simulator Gets Personal
Naruto SUN Storm 4 OP Endlessly Energetic
Saijaku Muhai no Bahamut Hardly Draconic
Splatoon Squid Sisters Invade NicoNico Tokaigi 2016
Top 9 Anime of 2015, According to IGN
Rena Momozono’s Hot Hardcore F***ing Eloquently Titled
Rance Hikari o Motomete Battles Hard
Final Fantasy XV “Might As Well Be An FPS”
Dimension W Spreads It Open
Okasare Hero Strategically Sexy
Studio FOW Alice H-Short “Truly Mad!”
Carnivore Taiga Cosplay Too Cute For Words
Alluring Ahri Cosplay Magically Charming
Tsukihi Araragi BDSM Ero-Cosplay by Komugi Platinum Sexy
Goddess of Twitter “Pink & Perky!”
Serene Horo Cosplay Pure Gold
Iona Ero-Cosplay by Komugi Taking on Water
Cute Kashima Cosplay Full of Elegance
Umaru Ero-Cosplay by Asami Hamsterific
Goddess of 2ch: “Pink & Soft All The Way!”
Kuroneko Cosplay by Mikehouse Full of Life
If the encryption was decently good, then no worries, probably.
If the bad buys have a botnet of PCs with high-end graphics cards which the bad guys can program to decrypt that stolen credit card info, you might start worrying.
Even with a good botnet if the encryption hash is good (SHA1 for example) and your password is at least 8 alphanumeric characters I don't think you have to worry.
That suppose Valve is not like Sony storing your info with no encryption or shitty MD5...
now that your precious "unhackable steam" got hacked you all just trying to downgrade it and make it less worst than it is.
still remember that moron bringin up steam being unhackable to make a point about psn hack. back to you idiot hahahaha, just a matter of time
Nothing is unhackable. So fuck you and all your fucking hacker buddies, you are just an fucking inconvenience to this world. Useless no-lifes.
No choice. I'm an 14 year old recent orphan living in my grandmother's basement. I don't live here because I have a choice.
I like living in my mother's basement too.
They could sit there for the rest of their lives and never crack proper encryption and a strong password.
Gabe confirmed they use AES256bit encryption for their credit card database.
Encryption that these corporations are using is a joke, it's all well documented, and generally well understood by anyone with a background in engineering security software.
Most of the "strong" encryption algorithms can be cracked by off-the-shelf GPUs at a ridiculously fast rate. Something more serious, as in computational hardware, will have an entire data-base cracked and offload the contents of those credit cards into obscure bank accounts, long before we get a press release about a hack that's occurred.
Steam should send every user a free USB Onchan 8x better than their hand device for each account info was lost on. They got a lot of the online games now so I would put this as very very bad.
THE CAKE WAS A SPY!
I could careless, I don't use that crap for YEARS, but yes, I DO demand the USB Onchan as bonus due headache of hacking!
I would like to inform you that it's 'I couldn't care less', what you said makes fuck all sense. I'm also gunna guess you say diamond dozen as well....
10/10 would rage again.
To bad for you, this is a dogie dog world after all.
Why? Valve didn't need to take Steam down to fix the security hole (the forum) and they had all of the users sensitive data encrypted (unlike Sony).
Getting hacked is pretty much a fact of life. It even happens to the most secure of people.
USB Onchan + biometrics = secure online access.
It gives more time for people to change their passwords before the hackers crack and imitate the biometric data after copying it from server.
Please insert dick to confirm identity. Oh the value of seiyuus will skyrocket.
My dick is uncopyable, but, that's not a good thing at all...
That's an awesome idea, actually. It would certainly help the affected consumers relieve some of their pain and anger, which would turn all that wasted energy into pleasure. xD
imagine shooting a Portal Gun with the ejaculation button..
Or how about an airsoft or BB gun and a foam cut out of Gabe Newman.
You can relieve your anger by shooting him.
>Newman
It's Gabe Newell.
clever Seinfeld joke?
Yah him lol.
Yes, they should pay you, for the crimes of another. It males perfect sense.
Let me guess, their security should have been better? Still doesn't take away the fact that someone else committed the crime in the first place.
Males? You mean "makes", bro
This is a spelling bee and HE is your JUDGE! Bow to the authority. And spell properly! *whip*
Lol'd @ replying to him because he made a typo. Why don't you spend time correcting all the replies with wrong grammar/wording like you have done with Anon 21:46? The others might get jealous they did not receive such privilege ):
Maybe he really meant "males"
Have to kind of agree. At the very least I'm glad they salted and hashed our passwords and encrypted the credit card info. None of the crap Sony pulled.
Why the fuck would steam store credit card info in the first place. So yes they should pay for the crime of being fucking retarded.
The credit card info was encrypted. Not like in the Sony incident where the information was wide open in plaintext.
G-D D@MNIT! This is why we can't have nice things
Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming.
Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming
Steam is not a truck. It's a series of tubes.
Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming
Steam isn't a nice thing. It's a got damn dictatorship destroying the freedom of gaming
That's why I use virtual credit cards which expire each month. Another way is to have second normal card which you keep empty except when right before you buy
Or.... use PayPal.
Until paypal gets hacked
The best solution will be, to have something install in your body. Specially in your hand or forehead. Just like the Bible says will happen.
Something like that already happened years ago.
Oh shi-
Damn it. I wish they sell those here. :|
That is a very good idea I use one of those walmart cards with only a certain amount of cash for paypal and other online purchases such as Wii channel stuff.
ALERT!
THE ENEMY HAS TAKEN OUR INTELLIGENCE!
Achievement unlocked
Problem with Steam is PC gamers have no choice but to use it anymore - only 'blockbuster' games are sold by offline retailers, and more and more of those are dropping PC games from their shelves.
I still hate the service simply because games I buy legally cannot be played offline - even ones that I bought OFFLINE, like Dawn of War II or Civilization 5.
Not to mention - get your account hacked and your entire collection of games is gone.
Even hard copies that required Steam registration are gone, since CD keys are one-time use.
Really, I can understand that it makes game distribution cheaper and less risky for the publishers, with that PC gaming crisis and all, but really, you should be allowed to play the games you purchased, even those acquired online, without the need to launch Steam every damn time.
I mean, if someone's gonna pirate a game, he'll do it anyway, so why put restrictions upon products someone's bought legally?
There are other online retaliers that are not as restrictive as Steam. Sadly that does not solve the issue with games that have the Steam Cancer Cells implanted though.
This is why I buy a boxed version of the game, download the cracked version, and never open the box.
Because the world hasn't come to an understanding of how software distribution works.To them, no DRM means risky business.The fact being that DRM might boost sales by even a fraction of a percent and not the other way round means companies want DRM on their product.People who do not trust file sharing, people who are not knowledgeable enough for easy access to file sharing and so on.You lock down the access to games, these people buy them instead of pirating them.
Also, it has to do with fair treatment of customers.You don't sell a product where you support piracy of said product.You got to do something to tell people "you paid for our stuff, and we're on your side and will have actions to prevent freeloaders from getting access to the same product for free."
Imagine paying for a bus ride, and the guy behind you gets on for free.How would you feel as the one who paid bus fare?Even if DRM isn't stopping piracy, they've got to at least put in measures that are the best.
You can make steam run in offline mod, so you can play without loggin in to steam and without internet connection.
Then why do I need steam at all? To set it offline? Fine, than I dont need it at all. This is stupid. Whole steam client is stupid prehistoric idea - today an web api can manage downloads and DRM without need to clutter your PC with third party bullshit.
Plus whole DRM / online registration is just stupid, only cost money, makes gaming less confortable and have no effect against piracy. At least if they didnt talked the bullshit about how piracy hurt their buissines and how must they prevent it because only reasons they have for such system as steam are to shove more adds to gamers throats, get more info on them and prevent reselling their crappy games that are not even worth being pirated.
Yeah, Dawn of War II's pain-in-the-ass verification system is all the fault of Windows Games, not Steam.
retribution doesn't use games for windows live anymore.