Steam forums back online after security breach

This shit never ends, does it?

Well, there sure are a lot of PC fanboys with egg on their faces right now.

Fucking awesome and i just registered new card. Just 1 week ago.
WTF is this?

I don’t want to live in this planet anymore.

@Gekidami, so, you already enjoyed some great experience on your PS3 with PSN?
That sentence makes you:
1) Retard
2) Console fanboy

Gaaaaaaaaaaaaaaabe.

That just sucks. I thought Steam were better than that.

I don’t get how there could ever be access to credit card info through the forums.

Big fail from both VG247 and Kotaku… Newell didn’t “confirm” credit card info was compromised, the quote plainly states:

“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” Newell wrote. “We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”

Also, he said only a few forum accounts have been known to be compromised, but NO STEAM ACCOUNTS:

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

BTW, thats why Modern Warfare 3 servers lagged as hell today (sometimes they never worked). I tried to play with my friend but could not do it.

and i thought: WTF is this?

all CoD games had perfect connection with STEAM in the past, so i was not so sure if Infinity Ward did something horrible with PC version

@3
Rather than being butt hurt on here, i’d suggest you go and block your card.

Probably because a lot of people use the same passwords for the forum as their steam.

#5 Stepping stone attacks

http://www.youtube.com/watch?v=AHeAFKx89xA

Why doesn’t Kotaku have a source? The forums were hacked a few days ago but not Steam itself — it’s been operating business as usual.

By all means, change your passwords, but I doubt this will be much more than some dirt on the shoulder.

This is a seriously misleading title. I expect as much from Kotaku, but fucks sake; read your own damn post VG247.

oooh them PC elitists will be sure pissed right about now!

@8, i’m not butt hurt because it’s just a forum (where i don’t sit) and there is still no evidence “that encrypted credit card numbers or personally identifying information were taken by the intruders”. (c)

but still, blocking my card is the best solution here for the future if there will be confirmation.

@10 Well that’s my point. There shouldn’t be a backdoor.

Oh snap son!
:\
I hope they never got mah pre-paid card!

Checked to make SteamGuard was still active on both accounts and CC info was removed from my last purchase (over two months ago).
Yep.
Back to gaming.

We’ve had the official presser now and I’ve updated the article in light of that. I hope your concerns have been addressed.

I have a Steam account, but have never used the forums. Would that make my info safe? Are the forum and main account databases entirely separate?

^ Seems like they got past the forums, into Steam itself:

“Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

“We learned that intruders obtained access to a Steam database in addition to the forums.”

I hope this group dont intend to be the new lulzsec, then again i really dont recall ever hearing about lulzsec being brought to justice, just some news about one member getting arrested followed by rumours that it was the wrong guy. So Why not?

Maybe more means should be put towards actually catching these hackers then protecting systems against them, lets face it, they’ll always find a way in, maybe the fear of actually being caught might make them think twice about doing it in the first place.

Knowing Gabe, I’m sure a nice hat will be handed out for our trouble.

@19 Hackers aren’t going away, no matter how many of them you jail. We’re jailing drug dealers too, they don’t seem to be getting fewer.

As long as big companies keep overlooking these kinds of things, it’s going to keep happening.

@20 Hopefully a dunce cap.

Yeah, well. At least if Steam goes down, which it didn’t, we would still be able to surf the web, etc. It’s stupid that if PSN or XBL goes down, you’re pretty much SOL for anything online, gaming or not.

The forums had a message leading to a group before they were taken down but it could’ve just been a cover up. If it was actually done by those guys, they’re screwed.

@22
Actually the PS3′s browser still worked.

@21
Yeah but theres clearly an issue to when it comes to tracking hackers down, if bank robbers got away with their crimes as easily as hackers did, there wouldnt be any banks left. I mean, i dont really follow these things, but by the looks of it hacking into a company and stealing info is practically a perfect crime, makes me wonder what other type of serious illegal stuff goes down on the internet, right under law enforcements noses without them being able to do anything about it.

Something negative happens to a set of gamers. HA _____ got ______.

Guess it does’nt help that Ive been through this before. sigh. Children.

Some of you are total tits – really. This isnt about PC v Console! Both have had their fair share of issues and no matter how safe you make something, a determined hacker will get in some how – nothing is totally fool proof.

Gabe is merely stating that as of now, there is no evidence of credit card details being hacked but to be safe, check!

There’s clearly a group of arse-holes out there who are set on just screwing over anything to do with the games industry by hacking official websites and networks.

And if they are caught, they should be FORCED to play on the Gizmondo!

the group was called fkn0wned? definitely cod noobs

thank god, fuck steam

Fuck you?

1. At least Gabe and Valve are being completely honest and saying everything they know so far and rather swiftly.
2. If they did gain any Steam account passwords Steam Guard (if you have it activated) should keep you safe.
3. Geki, fuck you troll.

@30 sony did tell the truth but it just took them along time to get the information needed

I don’t understand y everyone always shit their pants when something like happens. Don’t ur credit cards have any damn protection?? If anyone tries to use my credit card outside of where I usually use it, it gets blocked. And these shitbird hackers don’t even do it for the money most of the time, they just wanna troll the world like a buncha little douche bags.

http://www.youtube.com/watch?v=efHCdKb5UWc
^ Hackers

@31 I know, it did take that fucking ages though. However I wasn’t just pointing at Sony, just more throwing it in the thin air.

This makes me wonder why Steam Guard isn’t fully implemented yet. I’m not talking about the email you get when trying to sign in from a new PC, i’m talking about the integration with the 2nd generation i7 CPU’s. Why haven’t it been done yet? It is tech that has been used for a long time, so it is not like they have to invent the wheel.

i wonder if cry babies will beg for free games this time

@24 Yeah, no doubt.

They should be prosecuted to the fullest extent of the law, but the preventitive effect only goes so far. It means that most of the cowards stay out of it, and the rest are that more determined.

When people talk about ramping up efforts on a special sort of crime, they’re usually running for office, and the measures they implement do little to keep anyone safe. They just hand society a little more vengeance.

The best way to avoid this sort of thing is always going to be a network that sees these things coming. I’m seriously disappointed that Steam wasn’t more secure.

I remember claiming that Steam was vulnerable too, then I had PC fanboys like Erthazus, blackdreamhunk & several others laugh at that idea, then claim Steam was impenetrable. Where’s your god now?

Anywhos, I’m a common Steam user & this effects me too so they’ll probably have my details too.

i don’t care, using debit card so if it lost, stealers can’t buy anything because.. no money inside! =))

Maybe we should all go back to the snes?

^^ Only if we all get free copies of Street Fighter II Turbo.

@30
No more swiftly then others. When did this happen? Last Sunday? Still took them 5 days to say that CC details may have been taken, and they left the service open for business in between time. Not exactly taking every precaution there, are they.

The store is still open?? Are they still accepting CC transactions?

JM

Ok – so did CC details get taken or not:

“We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”

And then he says:

“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

So which is it?!?! Surely it can’t be both…

@43
Sure it can. They know the hackers got access to the DB, but they don’t know which, if any tables were taken from the DB, so therefore, they had access to everything, but Valve doesn’t know what was taken from it. Sorta like, your in a store, you have access to everything, you steal something, the owner of the store know you took something, but he doesn’t know what exactly.

@44, I’m not sure I understand.

Surely if they ‘take’ the CC details – they aren’t actually removing them – they are simply copying them. So if they have access to the database, why would they not have copied it?

The password and creditcard information is encrypted, so yes, you can have acces to that database and copy the info. But no, that does not mean you can actually read any of that information.
That’s why you encrypt things.

So hold off on blocking your CC details untill Valve says otherwise.

@46 so they can take encrypted CC details and not be able to read them.

But – how would Valve know whether or not the hackers are able to read them?

@41
My thoughts exactly. Its been a week already since this happened and we just learned.

I was just thinking wouldn’t it be funny if they traced it back to EA and Origin XD

Forums are back online. Post as been updated accordingly.