OH FOOOK! Steam has been hacked.

witnessmenow

Doctor_Socks wrote: »

The amount of research that's going on in the area of encryption is phenomenal! The reason so many things are able to be hacked so much faster now is due to graphics cards becoming so much cheaper in the last few years and you can accelerate decryption algorithms by a enormous factor on a GPU as opposed to a standard CPU.

Is there any other way to change your password rather then having to go through steam? I'm in college for the day and steam access is blocked by the college firewall so no way of accessing it until after 6. I know that there's pretty much no chance that i'm affected by this but i'd still like to change a few things on my account to feel secure.

Got to the IT department

Overheal

Stev_o wrote: »

After all the talk about Steam being unhackable

lol, where?

Every computer system imaginable is inevitably open to being hacked. The difference is how the data was handled, and again, Steam does a pretty good job of compartmentalizing it's data. That is, your forum and account are seperate, and account security changes require a third account - your email account - to access. That was the entire point of Steamguard. So even if they know your forum account, and your game account, they cant really do **** except make a few purchases at worst, they cant 'steal' the account because they can't change any of the security on it without also hacking into the email account. So if you have 3 uniquely different passwords for each account, they aren't going to do ****.

But again, who ever said the password information itself was uncrackable? The difference is how useful the data is.

kearneybobs

Overheal wrote: »

lol, where?

Every computer system imaginable is inevitably open to being hacked. The difference is how the data was handled, and again, Steam does a pretty good job of compartmentalizing it's data. That is, your forum and account are seperate, and account security changes require a third account - your email account - to access. That was the entire point of Steamguard. So even if they know your forum account, and your game account, they cant really do **** except make a few purchases at worst, they cant 'steal' the account because they can't change any of the security on it without also hacking into the email account. So if you have 3 uniquely different passwords for each account, they aren't going to do ****.

But again, who ever said the password information itself was uncrackable? The difference is how useful the data is.

I doubt it very much that Gabe Newell had said anything of the like. I too would like to see a source.

Magill

LOL, Sony and now Steam... ****ing hackers... nerds that don't like computer games.... go figure.

Mindkiller

Well I'm 'protected' by steam guard. What does that mean, exactly?

kearneybobs

Mindkiller wrote: »

Well I'm 'protected' by steam guard. What does that mean, exactly?

Overheal explains it pretty well a few posts up.

Overheal

Mindkiller wrote: »

Well I'm 'protected' by steam guard. What does that mean, exactly?

Steamguard means you opted to require your email account in order to make any changes to your steam account. That is, every time you want to change your password, you must first type in your existing password, log into your separate email account to retrieve a confirmation code, insert this code into Steam, and then create a new password. The same goes for changing your security questions, and even changing your email address in your account settings.

It basically means nobody can 'control' your steam account without also having access to your email account. So long as you keep both your email account and your steam account on separate passwords there's really not much way that knowing your steam password will allow a hacker to take over your email account, and thus its extremely difficult or impossible (without further hacking of the email server) to take over your steam account. It's basically lowjack for your Steam account.

Expect that after this hack they will upgrade this to all you to include requiring a proxy through your email in order to make Steam purchases.

marco_polo

Overheal wrote: »

Mindkiller wrote: »

Well I'm 'protected' by steam guard. What does that mean, exactly?

Steamguard means you opted to require your email account in order to make any changes to your steam account. That is, every time you want to change your password, you must first type in your existing password, log into your separate email account to retrieve a confirmation code, insert this code into Steam, and then create a new password. The same goes for changing your security questions, and even changing your email address in your account settings.

It basically means nobody can 'control' your steam account without also having access to your email account. So long as you keep both your email account and your steam account on separate passwords there's really not much way that knowing your steam password will allow a hacker to take over your email account, and thus its extremely difficult or impossible (without further hacking of the email server) to take over your steam account. It's basically lowjack for your Steam account.

Expect that after this hack they will upgrade this to all you to include requiring a proxy through your email in order to make Steam purchases.

Just to add to this a hacker can't even access the account from a computer that you haven't used before without an authentication code.

Overheal

Yes I forgot that one

daveyboy_1ie

Just keep an eye on your credit card transactions and take the appropriate action if you see anything unusual. This is common sense really, I log into my online banking most days as a matter of checking everything and it takes a minute or so. I might sound like I am being condescending but seriously I think it’s a good habit to get into.

Always hated Steam anyway, so no surprise they were compromised in some way.

ionapaul

I *think* I've steamguard in place (changed my password recently and had to get an email with a code before I could, I also need a code via email everytime I log onto Steam from a new computer) but regardless, I don't think I've ever posted on the Steam forums, I've just bought games from Steam and my credit card info is stored. Am I safe, if I don't have a Steam forums account?

Auvers

thank fcuk I only ever buy keys off those cheap sites

Overheal

daveyboy_1ie wrote: »

Just keep an eye on your credit card transactions and take the appropriate action if you see anything unusual. This is common sense really, I log into my online banking most days as a matter of checking everything and it takes a minute or so. I might sound like I am being condescending but seriously I think it’s a good habit to get into.

Always hated Steam anyway, so no surprise they were compromised in some way.

Naturally. Im prepared for the possibility that my debit card is in the wild.

Dyr

When I went home yesterday my house alarm was going off...does that mean that my steam account has ben hacked?

seyeM

Insert generic steam sucks comment here

GIVE US NEWS ON HL3 TO MAKE AMENDS GABE

Varik

****e like this happens and laws get past the world over that will probably be more far reaching and hash that deserved, in this case anything done to the hackers will be too lenient (crowbar to the face).

marco_polo

daveyboy_1ie wrote: »

Always hated Steam anyway, so no surprise they were compromised in some way.

I hope you feel at least a little bit guilty that your personal distain towards Steam was the primary motivating factor for the hackers. :pac:

seyeM

So this happens on the 6th, but Valve say nothing until both Modern Warfare 3 (8th) and Skyrim (11th) are released. Might they have held back on this crucial information to avoid any adverse effects to sales figures?

They should put a larger percentage of the money they're currently rolling in into network security.

Nody

Bambi wrote: »

When I went home yesterday my house alarm was going off...does that mean that my steam account has ben hacked?

No, your house alarm only goes off if your MS Live account was hacked; if your stem account was hacked it would leave the water running in the kitchen instead.

seyeM wrote: »

So this happens on the 6th, but Valve say nothing until both Modern Warfare 3 (8th) and Skyrim (11th) are released. Might they have held back on this crucial information to avoid any adverse effects to sales figures?

They should put a larger percentage of the money they're currently rolling in into network security.

They could have had 10 people watching network traffic (actually I'm quite sure there are more then that but anyway) and it would still get through.

The point of a hack is to get through a unknown weakness; ergo you can't watch for it as it is unknown (and not in a G. Bush kind of known unknown...) and no matter how much money you throw after it still goes through. All you can do is ensure appropiate seperation of data and encryption (all of which it appears Steam has done) for when it happens and appropiate follow up to avoid that specific issue in the future (which I'm quite certain will happen).

Amalgam

Sarky wrote: »

F*ck yeah 3V cards.

My Steam linked 'virtual Mastercard' is coming up as 'invalid' this morning. I had about €70 left on it. Last purchase was on Steam, Sunday morning.

I used the card for all sorts of purchases. Amazon book order last week etc.. same card.

Using the same brand of card for about two years now, never ever had any issues. I was a 3V user before that, again, no log in or invalid issues.

The coincidence is a bit troubling. I've emailed the card support.

Yakult

Enjoy my expired credit card asshole hackers!!

K.O.Kiki

Magill wrote: »

LOL, Sony and now Steam... ****ing hackers... nerds that don't like computer games.... go figure.

Not nerds.

They are cyber criminals — there's lots of money to be made here.

MadYaker

seyeM wrote: »

So this happens on the 6th, but Valve say nothing until both Modern Warfare 3 (8th) and Skyrim (11th) are released. Might they have held back on this crucial information to avoid any adverse effects to sales figures?

They should put a larger percentage of the money they're currently rolling in into network security.

Just becasue Valve held back the info doesnt mean nobody knew. I knew on the 7th, it was all over the internet, a message from a known hacker community called fknowned.com appeared on the forum homepage and then the forums were taken offline. As far as I know they have denied responsibility... This will cost Valve hugely in sales, especially if it turn out peoples credit card info was stolen.

This is why I ALWAYS use paypal. Come to think of it paypal would be the ****ing jackpot for any cyber theives....

kearneybobs

The Steam forums are back up. Had to change my password.

BopNiblets

So was it just the forums and not the credit card details? Have there been people whose credit cards have been used or what?

kearneybobs

BopNiblets wrote: »

So was it just the forums and not the credit card details? Have there been people whose credit cards have been used or what?

It says it all in the first post. The forums were hacked and they had access to the credit card data (which was hashed and salted too).

wench

Amalgam wrote: »

My Steam linked 'virtual Mastercard' is coming up as 'invalid' this morning. I had about €70 left on it. Last purchase was on Steam, Sunday morning.

Is it a Dublin City giftcard? If so, its unrelated. The company that ran the scheme had a liquidator appointed on Monday, and all the cards have shown as invalid since then.

http://www.insolvencyjournal.ie/home_more_details/11-11-07/Appointment_of_Official_Liquidator_Zapa_Technology_Limited.aspx

http://www.irishtimes.com/newspaper/finance/2011/1022/1224306297226.html

Sierra Oscar

BopNiblets wrote: »

So was it just the forums and not the credit card details? Have there been people whose credit cards have been used or what?

A database containing CC information was breached but so far there have been no reports of any fraudulent credit card use. The CC information was encrypted and the likes - but all the same better to be vigilant.

Optimalprimerib

Good, maybe they will close the whole thing down.

Sarky

Hacking Steam is like stealing from a fund for orphans or something. Some things should just be left alone.