Sections

Steam forums back online after security breach

Thursday, 10th November 2011 22:41 GMT By Brenna Hillier

Steam’s forums are back online after a November 6 attack potentially exposed users’ private information stored in the company’s database.

The news was confirmed on the forums, and if you have any questions about what to do next, the thread on the matter is very thorough.

On November 10, Valve boss Gabe Newell confirmed the news that user details and credit card information “may have been compromised” after the defacement of the forums and its user database.

“I am truly sorry this happened and I apologize for the inconvenience,” Newell said in a statement at the time. “Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

“We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.

“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

“We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”

Steam forum users are required to go through a password reset process now that the system is back online, but Newell has also urged general Steam users to re-secure their accounts – especially if you use the same password.

The Steam forums were taken offline due to Sunday’s attack, and a message was posted advising users of maintenance.

Over the weekend, Steam members reported the forums had been hacked and defaced before going down, and a group called fkn0wned contacted press to claim responsibility.

It was initially believed that only Steam vBulletin-hosted forums had been compromised, protecting customer details.

Latest

51 Comments

  1. Anders

    This shit never ends, does it?

    #1 3 years ago
  2. Gekidami

    Well, there sure are a lot of PC fanboys with egg on their faces right now.

    #2 3 years ago
  3. Erthazus

    Fucking awesome and i just registered new card. Just 1 week ago.
    WTF is this?

    I don’t want to live in this planet anymore.

    @Gekidami, so, you already enjoyed some great experience on your PS3 with PSN?
    That sentence makes you:
    1) Retard
    2) Console fanboy

    #3 3 years ago
  4. Razor

    Gaaaaaaaaaaaaaaabe.

    #4 3 years ago
  5. DSB

    That just sucks. I thought Steam were better than that.

    I don’t get how there could ever be access to credit card info through the forums.

    #5 3 years ago
  6. jacobvandy

    Big fail from both VG247 and Kotaku… Newell didn’t “confirm” credit card info was compromised, the quote plainly states:

    “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” Newell wrote. “We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”

    Also, he said only a few forum accounts have been known to be compromised, but NO STEAM ACCOUNTS:

    We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

    #6 3 years ago
  7. Erthazus

    BTW, thats why Modern Warfare 3 servers lagged as hell today (sometimes they never worked). I tried to play with my friend but could not do it.

    and i thought: WTF is this?

    all CoD games had perfect connection with STEAM in the past, so i was not so sure if Infinity Ward did something horrible with PC version

    #7 3 years ago
  8. Gekidami

    @3
    Rather than being butt hurt on here, i’d suggest you go and block your card.

    #8 3 years ago
  9. DarkElfa

    Probably because a lot of people use the same passwords for the forum as their steam.

    #9 3 years ago
  10. GamesPlayer1

    #5 Stepping stone attacks

    http://www.youtube.com/watch?v=AHeAFKx89xA

    #10 3 years ago
  11. gotee

    Why doesn’t Kotaku have a source? The forums were hacked a few days ago but not Steam itself — it’s been operating business as usual.

    By all means, change your passwords, but I doubt this will be much more than some dirt on the shoulder.

    This is a seriously misleading title. I expect as much from Kotaku, but fucks sake; read your own damn post VG247.

    #11 3 years ago
  12. aseddon130

    oooh them PC elitists will be sure pissed right about now!

    #12 3 years ago
  13. Erthazus

    @8, i’m not butt hurt because it’s just a forum (where i don’t sit) and there is still no evidence “that encrypted credit card numbers or personally identifying information were taken by the intruders”. (c)

    but still, blocking my card is the best solution here for the future if there will be confirmation.

    #13 3 years ago
  14. DSB

    @10 Well that’s my point. There shouldn’t be a backdoor.

    #14 3 years ago
  15. Cyanyde

    Oh snap son!
    :\
    I hope they never got mah pre-paid card!

    #15 3 years ago
  16. gotee

    Checked to make SteamGuard was still active on both accounts and CC info was removed from my last purchase (over two months ago).
    Yep.
    Back to gaming.

    #16 3 years ago
  17. Brenna Hillier

    We’ve had the official presser now and I’ve updated the article in light of that. I hope your concerns have been addressed.

    #17 3 years ago
  18. mathare92

    I have a Steam account, but have never used the forums. Would that make my info safe? Are the forum and main account databases entirely separate?

    #18 3 years ago
  19. Gekidami

    ^ Seems like they got past the forums, into Steam itself:

    “Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

    “We learned that intruders obtained access to a Steam database in addition to the forums.”

    I hope this group dont intend to be the new lulzsec, then again i really dont recall ever hearing about lulzsec being brought to justice, just some news about one member getting arrested followed by rumours that it was the wrong guy. So Why not?

    Maybe more means should be put towards actually catching these hackers then protecting systems against them, lets face it, they’ll always find a way in, maybe the fear of actually being caught might make them think twice about doing it in the first place.

    #19 3 years ago
  20. Virginityrocks

    Knowing Gabe, I’m sure a nice hat will be handed out for our trouble.

    #20 3 years ago
  21. DSB

    @19 Hackers aren’t going away, no matter how many of them you jail. We’re jailing drug dealers too, they don’t seem to be getting fewer.

    As long as big companies keep overlooking these kinds of things, it’s going to keep happening.

    @20 Hopefully a dunce cap.

    #21 3 years ago
  22. Virginityrocks

    Yeah, well. At least if Steam goes down, which it didn’t, we would still be able to surf the web, etc. It’s stupid that if PSN or XBL goes down, you’re pretty much SOL for anything online, gaming or not.

    #22 3 years ago
  23. gotee

    The forums had a message leading to a group before they were taken down but it could’ve just been a cover up. If it was actually done by those guys, they’re screwed.

    #23 3 years ago
  24. Gekidami

    @22
    Actually the PS3′s browser still worked.

    @21
    Yeah but theres clearly an issue to when it comes to tracking hackers down, if bank robbers got away with their crimes as easily as hackers did, there wouldnt be any banks left. I mean, i dont really follow these things, but by the looks of it hacking into a company and stealing info is practically a perfect crime, makes me wonder what other type of serious illegal stuff goes down on the internet, right under law enforcements noses without them being able to do anything about it.

    #24 3 years ago
  25. absolutezero

    Something negative happens to a set of gamers. HA _____ got ______.

    Guess it does’nt help that Ive been through this before. sigh. Children.

    #25 3 years ago
  26. GrimRita

    Some of you are total tits – really. This isnt about PC v Console! Both have had their fair share of issues and no matter how safe you make something, a determined hacker will get in some how – nothing is totally fool proof.

    Gabe is merely stating that as of now, there is no evidence of credit card details being hacked but to be safe, check!

    There’s clearly a group of arse-holes out there who are set on just screwing over anything to do with the games industry by hacking official websites and networks.

    And if they are caught, they should be FORCED to play on the Gizmondo!

    #26 3 years ago
  27. LOLshock94

    the group was called fkn0wned? definitely cod noobs

    #27 3 years ago
  28. Quasar

    thank god, fuck steam

    #28 3 years ago
  29. Virginityrocks

    Fuck you?

    #29 3 years ago
  30. Yoshi

    1. At least Gabe and Valve are being completely honest and saying everything they know so far and rather swiftly.
    2. If they did gain any Steam account passwords Steam Guard (if you have it activated) should keep you safe.
    3. Geki, fuck you troll.

    #30 3 years ago
  31. LOLshock94

    @30 sony did tell the truth but it just took them along time to get the information needed

    #31 3 years ago
  32. XurrionHun

    I don’t understand y everyone always shit their pants when something like happens. Don’t ur credit cards have any damn protection?? If anyone tries to use my credit card outside of where I usually use it, it gets blocked. And these shitbird hackers don’t even do it for the money most of the time, they just wanna troll the world like a buncha little douche bags.

    #32 3 years ago
  33. Yoshi

    http://www.youtube.com/watch?v=efHCdKb5UWc
    ^ Hackers :P

    @31 I know, it did take that fucking ages though. However I wasn’t just pointing at Sony, just more throwing it in the thin air.

    #33 3 years ago
  34. Talkar

    This makes me wonder why Steam Guard isn’t fully implemented yet. I’m not talking about the email you get when trying to sign in from a new PC, i’m talking about the integration with the 2nd generation i7 CPU’s. Why haven’t it been done yet? It is tech that has been used for a long time, so it is not like they have to invent the wheel.

    #34 3 years ago
  35. JimFear-666

    i wonder if cry babies will beg for free games this time

    #35 3 years ago
  36. DSB

    @24 Yeah, no doubt.

    They should be prosecuted to the fullest extent of the law, but the preventitive effect only goes so far. It means that most of the cowards stay out of it, and the rest are that more determined.

    When people talk about ramping up efforts on a special sort of crime, they’re usually running for office, and the measures they implement do little to keep anyone safe. They just hand society a little more vengeance.

    The best way to avoid this sort of thing is always going to be a network that sees these things coming. I’m seriously disappointed that Steam wasn’t more secure.

    #36 3 years ago
  37. Christopher Jack

    I remember claiming that Steam was vulnerable too, then I had PC fanboys like Erthazus, blackdreamhunk & several others laugh at that idea, then claim Steam was impenetrable. Where’s your god now? :P

    Anywhos, I’m a common Steam user & this effects me too so they’ll probably have my details too. :(

    #37 3 years ago
  38. DEADEYES

    i don’t care, using debit card so if it lost, stealers can’t buy anything because.. no money inside! =))

    #38 3 years ago
  39. OlderGamer

    Maybe we should all go back to the snes?

    #39 3 years ago
  40. G1GAHURTZ

    ^^ Only if we all get free copies of Street Fighter II Turbo.

    #40 3 years ago
  41. Gekidami

    @30
    No more swiftly then others. When did this happen? Last Sunday? Still took them 5 days to say that CC details may have been taken, and they left the service open for business in between time. Not exactly taking every precaution there, are they.

    #41 3 years ago
  42. Joe Musashi

    The store is still open?? Are they still accepting CC transactions?

    JM

    #42 3 years ago
  43. jnms

    Ok – so did CC details get taken or not:

    “We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”

    And then he says:

    “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

    So which is it?!?! Surely it can’t be both…

    #43 3 years ago
  44. Talkar

    @43
    Sure it can. They know the hackers got access to the DB, but they don’t know which, if any tables were taken from the DB, so therefore, they had access to everything, but Valve doesn’t know what was taken from it. Sorta like, your in a store, you have access to everything, you steal something, the owner of the store know you took something, but he doesn’t know what exactly.

    #44 3 years ago
  45. jnms

    @44, I’m not sure I understand.

    Surely if they ‘take’ the CC details – they aren’t actually removing them – they are simply copying them. So if they have access to the database, why would they not have copied it?

    #45 3 years ago
  46. Freek

    The password and creditcard information is encrypted, so yes, you can have acces to that database and copy the info. But no, that does not mean you can actually read any of that information.
    That’s why you encrypt things.

    So hold off on blocking your CC details untill Valve says otherwise.

    #46 3 years ago
  47. jnms

    @46 so they can take encrypted CC details and not be able to read them.

    But – how would Valve know whether or not the hackers are able to read them?

    #47 3 years ago
  48. RyougaZell

    @41
    My thoughts exactly. Its been a week already since this happened and we just learned.

    #48 3 years ago
  49. Yoshi

    I was just thinking wouldn’t it be funny if they traced it back to EA and Origin XD

    #49 3 years ago
  50. Stephany Nunneley

    Forums are back online. Post as been updated accordingly.

    #50 3 years ago
  51. dingleberrys

    I would like at least one free game because my forum account was hacked and I would like compensation

    #51 3 years ago

Comments are now closed on this article.