OH FOOOK! Steam has been hacked.

kearneybobs

This is not looking good. Kotaku is reporting that Steam has been hack with Valve looking into the possibility that credit card data has also been taken.
http://kotaku.com/5858473/steam-hacked-valve-investigating-possible-credit-card-theft

Steam Hacked, Valve Investigating Possible Credit Card Theft

A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were inside a database compromised during a defacement attack on the Steam forums this Sunday.
Valve is advising all of its Steam customers to keep close eye on their credit card activity, as those numbers were inside a database the hackers penetrated during the larger attack, Newell wrote. The Steam Forums are currently closed. Steam itself is operating.
"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Newell wrote. "We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."
The database exposed during the attack "contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," Newell said in the statement.
The Steam Forums are currently offline as Valve continues its investigation and recovers from the attack. When the forums return, all users will be required to change their passwords. Users who used the same password on the Steam Forums as they did on other sites are advised to change those passwords as well.
"We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password." Newell wrote.
"I am truly sorry this happened, and I apologize for the inconvenience," he said.

Valve Press Release:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.

Sarky

F*ck yeah 3V cards.

B0X

Well... hopefully nothing comes of it and they give us some free games. Better keep an eye on the card though.

DarkJager

Sickener for those affected, but this doesn't paint a very pretty picture for services like steam and origin. Download off these and you have your personal details and cc details stored online where they can be accessed. You buy a physical copy in a shop and all that changes hands is a bank note.

Sierra Oscar

Statement up on the Steam Forums - http://forums.steampowered.com/forums/index.php

Mantel

If the majority of people use steam guard then the impact will be low.

If you don't have steam guard on and you have the same password for your email account... You have yourself to blame. Some peoples steam accounts have more worth in them than their bank accounts.

cherryghost

FFS. And why wasn't this mentioned days ago when instead some people's credit card details have been sitting idly be in the possible hands of a hacker.

Sick of this ****.

Headshot

Newbie question

If iv bought stuff on steam with my credit card, do steam save that information?

titan18

Headshot wrote: »

Newbie question

If iv bought stuff on steam with my credit card, do steam save that information?

There's a checkbox asking you do you want to save credit card information. It's set to off as default I think

Headshot

titan18 wrote: »

There's a checkbox asking you do you want to save credit card information. It's set to off as default I think

Thanks titan, its along time since I used steam so couldnt remember the ins and out of it

Yap im 90% sure i didnt save the information, is there away to know for certain?

titan18

Headshot wrote: »

Thanks titan, its along time since I used steam so couldnt remember the ins and out of it

Yap im 90% sure i didnt save the information, is there away to know for certain?

Try to buy something, you won't need to enter in your credit card details when you do.Don't know of any other way.

kearneybobs

titan18 wrote: »

There's a checkbox asking you do you want to save credit card information. It's set to off as default I think

Damn, I just ticked that box the other day . :mad::(

Mantel

Headshot wrote: »

Thanks titan, its along time since I used steam so couldnt remember the ins and out of it

Yap im 90% sure i didnt save the information, is there away to know for certain?

Add a game to your cart and go through the purchase process, you'll see

Payment method:
Visa ending in

If you have a card stored along with a link to change it. Not sure how to remove it fully.

titan18

kearneybobs wrote: »

Damn, I just ticked that box the other day . :mad::(

Happened last weekend so should be ok if it was this week

Headshot

titan18 wrote: »

Try to buy something, you won't need to enter in your credit card details when you do.Don't know of any other way.

nice one

Thanks Titan

kearneybobs

titan18 wrote: »

Happened last weekend so should be ok if it was this week

Nah, it was about two weeks ago. Oh well, suppose I just gotta play the waiting game.

ressem

If you open the steam client, in the top right of the window it'll have "your username's account" as a hyperlink.

Click on it.
On the next screen, on the right of the screen under the 'Your Steam Account' panel, it'll list the last 4 digits of your credit card if it's set to store the payment details.
You can remove the card from here.

titan18

When you open up Steam,next to the minimise button, it should say your account name, credit card info appears in there to delete if it's saved. Also has store transactions and steam wallet funds so can check if anything bad is happening

As above with ressem

Gummy Panda

I always used paypal. Phew!!

Sierra Oscar

The information from the Steam Forums itself should be safe as the passwords are salted and hashed - still waiting for information on how secure the other information was. Obviously you should change your passwords as a precaution though.

super_furry

I demand free hats as compensation!

Sierra Oscar

super_furry wrote: »

I demand free hats as compensation!

I can imagine it now - "I survived the great hacking of 2011".

kearneybobs

Sierra Oscar wrote: »

I can imagine it now - "I survived the great hacking of 2011" and all I got was this awesome hat!

fyp

Moon54

First Sony and now this,
they're obviously not taking security as seriously as their bottom line,
but they should!

Overheal

Moon54 wrote: »

First Sony and now this,

Theres a big difference between the level of security Steam had in place and what the PSN had in place. The PSN security was patently antiquated. You need to route through your email account just to update your password. that is security. Nobody can get your steam password and run off with the account.

It's a delusion to think Steam doesn't take security seriously because it was hacked. The loss of the user tables hasn't actually compromised most accounts. If you setup Steamguard correctly and don't use a single password, this will affect you minimally. In addition even in the boards.ie hack it was still a considerable amount of time (a couple days) before people reported the first 'hackings' implying it took time for the tables to be decrypted. And I will wager, Steam being billionaires and all, have a much more complicated level of encryption on the tables. but all the same you and I have plenty of time to change our steam passwords and report our card numbers as stolen. Im not too worried.

As it stands, the Passwords I have on my steam account and steam forum were seperate, my card is indeed stored on there but I'm not too worried about it. Not sure about Ireland but in the US banks are technically liable for reimbursing you for fraudulent charges.

...And they didn't take my 3 sitting gift games, so they havent been here :pac:

Icyseanfitz

and this is why i use paypal with everything

String

titan18 wrote: »

There's a checkbox asking you do you want to save credit card information. It's set to off as default I think

That is just for the users convenience and lets steam remember the details for you. If you bought through steam with a credit card in the past then it has been compromised as it is stored within a database, although they said it is encrypted but that doesnt mean its secure.

Tyrant^

You'd think all these corporations and governments being hit by hackers would collaborate and come up with with a solution by now !

Doctor_Socks

Tyrant^ wrote: »

You'd think all these corporations and governments being hit by hackers would collaborate and come up with with a solution by now !

The amount of research that's going on in the area of encryption is phenomenal! The reason so many things are able to be hacked so much faster now is due to graphics cards becoming so much cheaper in the last few years and you can accelerate decryption algorithms by a enormous factor on a GPU as opposed to a standard CPU.

Is there any other way to change your password rather then having to go through steam? I'm in college for the day and steam access is blocked by the college firewall so no way of accessing it until after 6. I know that there's pretty much no chance that i'm affected by this but i'd still like to change a few things on my account to feel secure.

SeantheMan

So much steam bashing.
Everyone and everysite is open to hacking, there is nothing or noone that is really immune whilst online .

I still love steam , their service and they are still the best thibg to happen to pc gaming in the last 5 years. I'll contact my credit card company later and tell them about the situation

First world problems eh ?

Stev_o

After all the talk about Steam being unhackable and oh look it gets hacked. Come on Gabe you should of known that the best defence is not proclaiming that you can hack our system.