PDA

View Full Version : Steam possibly hacked...



daylight
07-11-2011, 20:25
The Steam forums have been down for most of the day and Eurogamer is now saying(and posting pictures)that Steam has been hacked.

As everyone with FM2012 has a Steam account I thought a warning should be posted although I am unsure if this is the right section.
Best to have a read of the article and take safety measures if your forum account match's your Steam account(a silly thing to do but some people do this)

http://www.eurogamer.net/articles/2011-11-07-why-are-the-steam-forums-offline

Again sorry if this in not in the right place.

Barside
07-11-2011, 20:28
iirc the forum is separate from the Steam client plus Eurogamer are just speculating.

daylight
07-11-2011, 20:30
That is why I said " take safety measures if your forum account match's your Steam account"..as in you use the same username and password(some people do this so it is easy to remember but a stupid thing to do)

And it is more than speculation if you search,people have been receiving e-mails from the hacker with the same message they left on the Steam forum.


http://www.inquisitr.com/157264/steam-forums-hacked/

CuRvZ
07-11-2011, 20:41
From what I heard, the account of one of the admin's (jmccaskey) on the board has been hacked (which means they somehow managed to get his password), so that would mean they didn't get any personal information on anyone (so no passwords anyway). And its indeed seperate from the Steam client. This hasn't been confirmed though, so no way to be certain.

daylight
07-11-2011, 20:45
Yeah it will more than likely be something like that but as I said and the articles say if you do use the same username/password for both places it would be better to change your Steam account password now...if for no other reason than it is stupid to have the same information on both places.

Unknown Hacker
07-11-2011, 20:46
It's not that serious though is it? Do people have credit cards linked to their steam accounts? Is that even possible?

daylight
07-11-2011, 20:47
It's not that serious though is it? Do people have credit cards linked to their steam accounts? Is that even possible?

Not to the forum accounts but yes to there Steam accounts.

daylight
07-11-2011, 21:16
Here is a link to 1up that also reports the story but also gives advice on how to use Steamguard....something everyone with a Steam account should use but maybe don't know of or did not bother to use it.

http://www.1up.com/news/steam-forums-down-after-hack

Unknown Hacker
07-11-2011, 21:43
Not to the forum accounts but yes to there Steam accounts.
Oof. Glad I use paypal for payment.

Dune297
07-11-2011, 22:01
1. Steam forums have separate accounts.
2. Steam accounts runs on a completely different platform, making it much harder to hack into a real Steam account.
3. Steam Guard basically prevents any stolen accounts, so they won't get through that for sure.
4. Gabe Newell, the head of Valve, gave out his Steam account's user/pass to everybody and offered a reward to whoever got into it. Nobody did.

Please don't bash Valve for this. They did the best they could, taking the forum down a mere ten minutes after it was hacked. (I'm a regular poster on the Steam forums and I witnessed such.)

GuitarMan
07-11-2011, 22:03
But then, if people do what steam say originally (and follow the advice given) (yes I know im dreaming) and use different logons for:

Steam Client
Steam Forums
Steam Support

Then actually if the forums are hacked you have nothing to worry about. Steam advise on the support certainly to make sure your account details differ to the Client logon...

As others have said to some this is common sense for any online setup to use different credentials for the accounts, but for some may not be so much common sense.

daylight
07-11-2011, 22:03
Oof. Glad I use paypal for payment.

Well it is not only the credit card problem but if your account is hacked it can be a real pain to get it back,In the time you wait to get it back it means you can not play any games attached to your account,Also if you play on-line games and the hacker has used cheats you can be banned(VAC servers)from playing on-line and this ban can not be reversed even if your account was stolen..so you could lose more than just your playing time and hassle of getting your account back.

phnompenhandy
07-11-2011, 22:03
Isn't it just safer anyway to keep Steam off-line for FM? I'd rather read on the forum that an update is out and check the changes before deciding whether to download it. I don't bother with achievements and I dont play other games on Steam. I'm sure there are many like me so just avoid the risk by going off-line.

daylight
07-11-2011, 22:09
1. Steam forums have separate accounts.
2. Steam accounts runs on a completely different platform, making it much harder to hack into a real Steam account.
3. Steam Guard basically prevents any stolen accounts, so they won't get through that for sure.
4. Gabe Newell, the head of Valve, gave out his Steam account's user/pass to everybody and offered a reward to whoever got into it. Nobody did.

Please don't bash Valve for this. They did the best they could, taking the forum down a mere ten minutes after it was hacked. (I'm a regular poster on the Steam forums and I witnessed such.)

As GuitarMan has said there are people that pay no attention to warnings and no-one in this post is bashing Valve,have not seen a single post even mentioning Valve or bashing Steam.

I am also a regular poster over at the official forums and love Steam,I very rarely buy a disc these days as Steam is just so simple and has some great sales.
There are people though that do not value there account as much as I do and use the same details for there forum account as well as there Steam account....hell these days people are still using "password" as there password....

This thread was just a warning and in noway is a hate thread against Steam...

Dune297
07-11-2011, 22:10
Unless hackers are able to get into your email and figure out the user/pass of your Steam account, you won't be hacked unless they somehow get into the whole Steam database, which is nearly impossible. There is no reason at all why this should affect you. This is what I mean by Steam Guard, took this pic myself. Make sure yours is enabled :).

http://img580.imageshack.us/img580/1643/steamguard.jpg

Matt ex SEGA
07-11-2011, 22:11
Steam possibly hacked...


...

Hmmm....
...

Dune297
07-11-2011, 22:11
As GuitarMan has said there are people that pay no attention to warnings and no-one in this post is bashing Valve,have not seen a single post even mentioning Valve.

I am also a regular poster over at the official forums and love Steam,I very rarely buy a disc these days as Steam is just so simple and has some great sales.
There are people though that do not value there account as much as I do and use the same details for there forum account as well as there Steam account....hell these days people are still using "password" as there password....

This thread was just a warning and in noway is a hate thread against Steam...
I know nobody has at the moment, I'm just saying it for the future, as I know a few people on this forum who despise Steam and love to use every little thing to their advantage ;).

daylight
07-11-2011, 22:17
Also Dune if you read what I wrote earlier not everyone uses Steamguard and I advised them to read the link I posted so they could enable it...also If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?

daylight
07-11-2011, 22:17
Hmmm....
...

Hehe I thought that also....when I seen he was looking at the thread I actually thought he was going to post it was him ;)

Dune297
07-11-2011, 22:20
Also Dune if you read what I wrote earlier not everyone uses Steamguard and I advised them to read the link I posted so they could enable it...also If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?
In that case I'd also recommend keepass (http://keepass.info/) or LastPass (https://lastpass.com/).

Tim_Cdy
07-11-2011, 22:24
Also Dune if you read what I wrote earlier not everyone uses Steamguard and I advised them to read the link I posted so they could enable it...also If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?

You are unfortunately right. Steam has been hacked before if I recollect correctly. Again though, maybe their Servers fell over for whatever reason or one bad apple has made a million other apples suffer.

Loversleaper
07-11-2011, 22:29
You are unfortunately right. Steam has been hacked before if I recollect correctly. Again though, maybe their Servers fell over for whatever reason or one bad apple has made a million other apples suffer.

Well, can't Steam delay it or something at least? ;)

:D

Tim_Cdy
07-11-2011, 22:31
Well, can't Steam delay it or something at least? ;)

:D

Sorry Loversleaper, not sure I get the gist of that. Had a tiring day at work. Please humour me :)

milnerpoint
07-11-2011, 22:34
Sorry Loversleaper, not sure I get the gist of that. Had a tiring day at work. Please humour me :)

He's referring to steam delaying piracy, i think :)

Tim_Cdy
07-11-2011, 22:40
Oh. Mmm, that would account for the downtime. Perhaps Steam detected some errors and they are doing an account security sweep. makes sense.

x42bn6
07-11-2011, 22:45
Nitpicking


3. Steam Guard basically prevents any stolen accounts, so they won't get through that for sure.

I'd argue every piece of software out there can be compromised in some way... Just because it hasn't been reported doesn't mean it hasn't been compromised.


4. Gabe Newell, the head of Valve, gave out his Steam account's user/pass to everybody and offered a reward to whoever got into it. Nobody did.

This is pretty much a publicity stunt on par with claims like: http://enigma-ds.net/Enigma-DS-2011/Challenge.html - you don't break software by offering a reward.

I do agree that you are relatively safe as long as you have separate login details for Steam and its forums... In practice, however, that percentage is stupidly low, because most people are idiots. :-/

Loversleaper
07-11-2011, 22:45
He's referring to steam delaying piracy, i think :)

It would be pretty cool if we had a week to ten days to change our passwords/close credit cards from the time of the initial hack... :thup:

daylight
07-11-2011, 22:51
Nitpicking



I'd argue every piece of software out there can be compromised in some way... Just because it hasn't been reported doesn't mean it hasn't been compromised.


It has been reported,as I said all the person needs is your email password which again comes down to user failure...I wonder how many people reading this thread are saying "crap I always use the same password so it is easy to remember for every site I visit"?

daylight
08-11-2011, 21:52
Starting to think this is more than just some mod's account getting hacked,36 hours now and still down.

This must be Steam and Valve's worst nightmare,there forums have been down when some of the biggest games of the year are either releasing or are set to release.
MW3 came out Today and in 2 days time Skyrim is releasing.

philly_flyer10
08-11-2011, 22:12
A lot of people will have the same password for the forums as their steam account.
If the hackers got their hands on the forum passwords, they are going to get thousands of steam accounts if only 1% of people use the same password.

Makes me even more glad I will never install steam.

I wonder if they will actually help people this time or tell them its their own fault they were hacked and they wont get their games back. :D

Dune297
08-11-2011, 22:22
A lot of people will have the same password for the forums as their steam account.
If the hackers got their hands on the forum passwords, they are going to get thousands of steam accounts if only 1% of people use the same password.

Makes me even more glad I will never install steam.

I wonder if they will actually help people this time or tell them its their own fault they were hacked and they wont get their games back. :D
There is a beautiful thing called Steam Guard that is automatically activated when you create an account and will prevent such. ;)

daylight
08-11-2011, 22:32
There is a beautiful thing called Steam Guard that is automatically activated when you create an account and will prevent such. ;)

You keep posting that but as I said "If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?"

Which in turn makes Steamguard useless.

Dune297
08-11-2011, 22:35
You keep posting that but as I said "If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?"

Which in turn makes Steamguard useless.
He said nothing about email.


If the hackers got their hands on the forum passwords, they are going to get thousands of steam accounts if only 1% of people use the same password.

daylight
08-11-2011, 22:38
If they "have" hacked the system then they have your email address....that is just common sense,then if you use the same password for your email account they can then get your emails as they have the address and password,then when Steamguard sends the email to confirm you have changed IP's they will get that email and your account.

Dune297
08-11-2011, 22:41
If they "have" hacked the system then they have your email address....that is just common sense,then if you use the same password for your email account they can then get your emails as they have the address and password,then when Steamguard sends the email to confirm you have changed IP's they will get that email and your account.
But not all of them would have the same password, and not all hackers would waste the time doing all that.

daylight
08-11-2011, 22:44
That is why no-one has said "everyone" is at risk,only the people that use the same password for everything...believe me there are quite a few,also a Steam account can be worth a lot of money on the market!..so yes any hacker that can hack Steam and get account details WILL go to the trouble.

Dune297
08-11-2011, 22:49
That is why no-one has said "everyone" is at risk,only the people that use the same password for everything...believe me there are quite a few,also a Steam account can be worth a lot of money on the market!..so yes any hacker that can hack Steam and get account details WILL go to the trouble.
I was quoting someone who said.


A lot of people will have the same password for the forums as their steam account.

Not for email and such. If he made it clear he was speaking about all passwords, I wouldn't disagree with him.

daylight
08-11-2011, 22:51
I was quoting someone who said.


Not for email and such. If he made it clear he was speaking about all passwords, I wouldn't disagree with him.

Yeah we can go in circle's all night but as I said before "If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?"

Dune297
08-11-2011, 22:54
Yeah we can go in circle's all night but as I said before "If someone is as stupid to use the same password for both the forum and Steam account what makes you think they are not stupid enough to use the same password for there email account?"
I never said they weren't, but like I said, he doesn't make the situation clear.

Also. Why does that make you glad you don't install Steam philly? Do you use the same passwords even though you know what can happen if one gets hacked?

themadsheep2001
08-11-2011, 23:20
Starting to think this is more than just some mod's account getting hacked,36 hours now and still down.

This must be Steam and Valve's worst nightmare,there forums have been down when some of the biggest games of the year are either releasing or are set to release.
MW3 came out Today and in 2 days time Skyrim is releasing.

Its more likely a case of better safe than sorry. They arent going to bring it back up until they know how it was breached, what info (if any) has been compromised, and if they are sure they can prevent it

daylight
08-11-2011, 23:30
Its more likely a case of better safe than sorry. They arent going to bring it back up until they know how it was breached, what info (if any) has been compromised, and if they are sure they can prevent it

That is why I am starting to think it is more than just a mod's account that has been hacked,If a mods account is hacked he can do certain things on a site but he has no access to private information.
You have to ask the question if it was a mod's account then why has it taken over 36 hours to get the site back up?

There has to be more to it than this,especially with the releases that are happening at this time.
I am sure Valve are working around the clock to sort this but if a mods account was hacked the system would be up and running a couple of hours later.

themadsheep2001
09-11-2011, 00:10
That is why I am starting to think it is more than just a mod's account that has been hacked,If a mods account is hacked he can do certain things on a site but he has no access to private information.
You have to ask the question if it was a mod's account then why has it taken over 36 hours to get the site back up?

There has to be more to it than this,especially with the releases that are happening at this time.
I am sure Valve are working around the clock to sort this but if a mods account was hacked the system would be up and running a couple of hours later.

I'm assuming the mod is adamant its not some error/cause on his part. Which presents the more sinister options.

But given the huge games coming out, i wouldnt be surprised if it was a deliberate attack

daylight
09-11-2011, 00:18
I'm assuming the mod is adamant its not some error/cause on his part. Which presents the more sinister options.

But given the huge games coming out, i wouldnt be surprised if it was a deliberate attack

Well that is also the strange part..

The site that was advertised on Steam after the attack quickly moved to say it was not them and then closed there site saying it was closed and had no part in the hack on Steam.
All very strange and this time to bring the site back up just add's to it.

They must have had a few things planned for the release of Skyrim..

No matter though...sorry FM fans(friends)...Skyrim is only 2 Days away and almost everything else will seem trivial come then ;)

Hope the forums are up by then though :)

themadsheep2001
09-11-2011, 00:36
Well that is also the strange part..

The site that was advertised on Steam after the attack quickly moved to say it was not them and then closed there site saying it was closed and had no part in the hack on Steam.
All very strange and this time to bring the site back up just add's to it.

They must have had a few things planned for the release of Skyrim..

No matter though...sorry FM fans(friends)...Skyrim is only 2 Days away and almost everything else will seem trivial come then ;)

Hope the forums are up by then though :)

How bizarre..

Skyrim Launch, if people though this site was busy on release, thats a whole new level. They'll be working flat out to get the forums back up for that.

I still need to finish Oblivion...

x42bn6
09-11-2011, 09:26
That is why I am starting to think it is more than just a mod's account that has been hacked,If a mods account is hacked he can do certain things on a site but he has no access to private information.

vBulletin doesn't work like that... Moderators sometimes have access to user profiles to change things like offensive signatures, and I believe email addresses show up there.

That said, the Eurogamer screenshot suggests a lot more than a moderator account has been compromised, as without external tools, the moderator control panel doesn't have the ability to modify the front page.

It doesn't look like they've compromised anything else, but you never know.

MeesterCat
09-11-2011, 09:49
This is why I don't sign up to forums.

...

Oh Shi...

milnerpoint
09-11-2011, 10:13
I would have thought if there was serious concern about private data being stolen we would have had an email from Valve recommending we change any passwords associated to steam.

Elohir
09-11-2011, 10:14
The Steam forums were hacked days ago. If you've registered to the site I'd definitely change your passwords to the forums (and on any other sites/apps you've used that password on).

x42bn6
09-11-2011, 11:18
I would have thought if there was serious concern about private data being stolen we would have had an email from Valve recommending we change any passwords associated to steam.It took Sony 9 days to send out emails after PSN was hacked.

milnerpoint
09-11-2011, 11:23
It took Sony 9 days to send out emails after PSN was hacked.

Really?? Thats pretty bad actually, i would have thought they would have got in touch with people quicker than that, i dont have a PS3 so i fortunately was not affected by it, still a bit shocking to hear.

Eugene Tyson
09-11-2011, 11:46
I have a PS3, and I wasn't affected by it at all.

Shadedancer
09-11-2011, 17:56
Consider the flak there have always been between the BF and COD series, I would wager the COD releasetime as being more likely as the cause of attack than Skyrim launching. There aren't any "battles" that I am aware of between Elder scrolls series and other series/studios.

It's interesting if the hackers being named by screenshots are denying it. I would have thought a thing like being able to get into Valves system would be something people would brag about if it was done at the "private hacker" level...

Sheddy
09-11-2011, 18:18
Steam is nothing but a grade A nightmare!

Shadedancer
09-11-2011, 20:42
Steam is nothing but a grade A nightmare!

I disagree. I'm pretty happy with steam to the point that I now almost excusively make my purchases through that portal.
As an effect, I now have a total of 321 games in my steam library.
Steam sales made me try out a LOT of games I prob would never have bothered with if they lay in a box in a shop.

daylight
09-11-2011, 20:52
Steam is nothing but a grade A nightmare!

I agree with Shadedancer,Steam is just fantastic for my gaming needs,I joined Steam a bit late(2006)and these days I could not imagine playing PC games without it.

I wonder how many new users that are whining about Steam at the moment will login around Christmas time and will be saying "Wtf....why are all these games so cheap..I mean 80% off Dead Island,75% off the full Fallout New Vegas collection,this Steam is great".

..FYI Steam has a huge sale at Christmas time and also in the Summer.

Also I have tried helping quite a few people on this forum when it comes to Steam and almost every time it is user error and not Steam's fault,people just tend to rush through things without stopping to read how Steam works,it really is not complicated,I have had 1 problem in 5 years and after a day it had sorted itself.

x42bn6
09-11-2011, 21:19
I wonder how many new users that are whining about Steam at the moment will login around Christmas time and will be saying "Wtf....why are all these games so cheap..I mean 80% off Dead Island,75% off the full Fallout New Vegas collection,this Steam is great".If they are whining about Steam, why would they log in? ...

Steam's pricing means a lot of countries in Europe get ripped off anyway, so a Steam sale is actually just going to bring prices down to what they are in the retail stores.

Personally, I don't really care about new games, which is why I am still playing FM08 and PES 6.

daylight
09-11-2011, 21:27
If they are whining about Steam, why would they log in? ...
Steam's pricing means a lot of countries in Europe get ripped off anyway, so a Steam sale is actually just going to bring prices down to what they are in the retail stores.


I would imagine that quite a few players will not set there Steam to offline as they are always connected to the internet and just launch the game from there Steam library and when they start Steam it shows the sales on the main page.

Also your 2nd point is just wrong,I take it you have never seen a Steam sale?I picked up quite a few games in there Summer sale and checked many many other on-line stores and they were no-where near the prices Steam was offering during there sale and the retail guys can't compete when it comes to the Steam sale...Did you read that they offer games at anywhere between 50-80% off?..I have seen games that were selling at 40 Euro's being sold for 10 Euro's...how is that retail price?..I am not talking about games that are years old either....

Jibby123
09-11-2011, 21:35
Also I have tried helping quite a few people on this forum when it comes to Steam and almost every time it is user error and not Steam's fault,people just tend to rush through things without stopping to read how Steam works,it really is not complicated.

That's a fair point, and you can't fault SI or the users of this forum for the support they give when there is a problem, but if so many are having problems because they're doing something wrong with a 3rd party software then it's over-cooking it to say it's the user's fault imho.

Not to sound like my Grandad, but is this Steam crap really better than it used to be when you bought a game, put it in the drive, click click click and played when and where you wanted to?? I don't get it.

daylight
09-11-2011, 21:50
That's a fair point, and you can't fault SI or the users of this forum for the support they give when there is a problem, but if so many are having problems because they're doing something wrong with a 3rd party software then it's over-cooking it to say it's the user's fault imho.

Not to sound like my Grandad, but is this Steam crap really better than it used to be when you bought a game, put it in the drive, click click click and played when and where you wanted to?? I don't get it.

They use it to cut down on piracy and I do not see that changing for future releases,I have to honestly say if Steam was the fault for players not able to play the game then every single person would not be able to play the game as everyone has to use Steam,I understand there is a problem with the Mac release that both SI and Steam are working on but out of the 100's of thousands if not million's of copies sold only a very small percentage are having problems launching and playing the game..so yes I would say it is a user fault for almost every case.

Jibby123
09-11-2011, 21:58
Fair one Daylight. I completely get why SI would protect what they put the man hours in to creating. That's only right.

Blame the leeches who hack the game, but it's just not progress to me. I am computer-illiterate (so maybe I am like my Grandad :D ) so when somebody says "check your cache" they might as well say it in Swahili because I have to google it to understand what they're on about. It's only through loads of frustration I've just about cracked downloading skins/logo's etc.

Is it just PC games, or do X-box/Playstation games need this nause??

I have a bee in my bonnet about how "you need online access" to even play a game now. It's assuming the whole world can get online to play it and the "I'm alright jack" attitude that brings. That's not progress to me.

daylight
09-11-2011, 22:07
Yeah I do understand your point mate,I really do.

As you said SI have to protect there product and in this day and age if they did not then they could lose 1000's of sale's.

As for verifying your cache etc there are a lot of threads on how to do it,including 1 in the stickies on this forum,also there is a lot of info on the Steam forum about this,or you can just post a thread in this forum and I am 100% sure someone will guide a player through it.

It basically comes down to that the player is not used to using a 3rd party to play there game and are already unnerved at the fact that they have to,When I 1st used Steam I was a bit "Ohh FFS how does this work" but as I said I could not imagine having my PC gaming hobby without it.

Honestly Steam has around 4 million users on-line at any given time.....they do not get those numbers because there system does not work ;)

Shadedancer
10-11-2011, 10:13
That's a fair point, and you can't fault SI or the users of this forum for the support they give when there is a problem, but if so many are having problems because they're doing something wrong with a 3rd party software then it's over-cooking it to say it's the user's fault imho.

Not to sound like my Grandad, but is this Steam crap really better than it used to be when you bought a game, put it in the drive, click click click and played when and where you wanted to?? I don't get it.

you don't have to mess around with cd's.

My ex-girlfriend used to hassle me because of the growing wall of gameboxes along the wall. It also started to annoy myself when I figured I wanted to try out a pseicific game and needed to romp through all my boxes to find the right one. I remember ending up with a huge mess where instead of having cd's organized I ended up having some organized, and some in a pile near the computer cause I used to play them often. Except that the often played ended up at some point not being often played and just became a pile of random games that were unorganized.

I've even bought some games on Steam I had hard copies of on cd's, simply because it makes things easier for me when I don't have to mess around with physical mediums.

Start up pc -> click, click, click -> play game

is alot more preferable to me than

start up pc -> rummage through gameboxes to find the game -> find out the box is empty -> try to remember where I put the cd -> find cd -> put cd in drive -> wait for the system to accept and pop up start screen -> click -> play

When I bought as physical copies only, I had to sort my games at somewhat regular intervals and figure out which ones I could live with not owning anymore and then throw them out or see if I could get a few scrapes for them at the local secondhand game store. Physical media just fills too much of my livingspace.

grep
10-11-2011, 10:38
NASA and FBI pcs are not impenetrable, Steam is a piece of cake for skilled hackers.

Shadedancer
10-11-2011, 11:25
NASA and FBI pcs are not impenetrable, Steam is a piece of cake for skilled hackers.

It was their forums, not their gameservice that got messed with. Quite a difference...

grep
10-11-2011, 13:18
It was their forums, not their gameservice that got messed with. Quite a difference...

You do not have knowledge in the matter. If they want to go into the gameservice section they will.

Shadedancer
10-11-2011, 14:34
You do not have knowledge in the matter. If they want to go into the gameservice section they will.

1) forums and game servers are totally different and even seperate different logins/passwords
2) forums was brought down asap by steam with the detectino of the hack, gameservice is up and running without any hitches at all

Sorry. You're just fearmongering for the sake of fearmongering.

The way to attack systems is to either
a) be incredible lucky at guessing
b) attack known (to you) exploits in the code
c) attack the 'human link'.

a) nobody can guard against, but the odds of it happening is in the order where becomming a multibillionare through a single lottery coupon is more likely, and more worthwhile too
b) is all about how sloppily the programs/OS-utilized were written. While nobody can know up front about all possible exploits, the chance of an exploit being utilizable in 2 vastly different systems (forums AND game servers) brings you back to the amount of 'luck' you would need for point 'a)' to happen. In other words: Not bloody likely.
c) is the easiest source to attack through, and why background checks and continued monitoring of companytime is more and more commonplace in jobs where you have responsibilities. While you can never cut out this weakness entirely, alot can be done to make it less likely, and I asume Valve are doing what they can to make sure their employees are loyal. Point 'c)' can still be exploited by making a dedicated attack on an emplyees private systems, which is likely less guarded than the corporate system, in order to unearth info.

Most likely scenario: Someone working with the forums was unlucky enough to get a malware on their system that allowed info of his/her login routines to the forums to be leaked. Working on forums from home isn't unlikely so seems plausible.

Working with the forums from home =/= working with gameservers from a protected system in a protected facility.

And given the security routines st up for regular users just using the client and forums, there's no way in hell they would have LESS security on supervisor abilities.

wild2475
10-11-2011, 15:30
This is the issue and one that was laughed off not that long ago by many people.
If you target the pirates they will target you, target them by bringing in Steam and they will hit your weak point, Steam
Appears to only be the Forums that were hit but based on Steam refusing to make any official response of the hack or any clarification on what the hack achieved it is kinda worrying.
Also there have been numerous sites with a range of information (some appear credible) on what the hack achieved which is even more worrying.

x42bn6
10-11-2011, 15:41
I would imagine that quite a few players will not set there Steam to offline as they are always connected to the internet and just launch the game from there Steam library and when they start Steam it shows the sales on the main page.

Not the point - you said that people whining about Steam would somehow log on to Steam (if they dislike something, why would they log on?) to see the sales...


Also your 2nd point is just wrong,I take it you have never seen a Steam sale?

I don't have Steam.


I picked up quite a few games in there Summer sale and checked many many other on-line stores and they were no-where near the prices Steam was offering during there sale and the retail guys can't compete when it comes to the Steam sale...Did you read that they offer games at anywhere between 50-80% off?..I have seen games that were selling at 40 Euro's being sold for 10 Euro's...how is that retail price?..I am not talking about games that are years old either....

In some parts of Europe, Steam rips off people anyway, so a huge discount is only making things "they way they should have been".


1) forums and game servers are totally different and even seperate different logins/passwords
2) forums was brought down asap by steam with the detectino of the hack, gameservice is up and running without any hitches at all

Sorry. You're just fearmongering for the sake of fearmongering.

The way to attack systems is to either
a) be incredible lucky at guessing
b) attack known (to you) exploits in the code
c) attack the 'human link'.

a) nobody can guard against, but the odds of it happening is in the order where becomming a multibillionare through a single lottery coupon is more likely, and more worthwhile too
b) is all about how sloppily the programs/OS-utilized were written. While nobody can know up front about all possible exploits, the chance of an exploit being utilizable in 2 vastly different systems (forums AND game servers) brings you back to the amount of 'luck' you would need for point 'a)' to happen. In other words: Not bloody likely.
c) is the easiest source to attack through, and why background checks and continued monitoring of companytime is more and more commonplace in jobs where you have responsibilities. While you can never cut out this weakness entirely, alot can be done to make it less likely, and I asume Valve are doing what they can to make sure their employees are loyal. Point 'c)' can still be exploited by making a dedicated attack on an emplyees private systems, which is likely less guarded than the corporate system, in order to unearth info.

Most likely scenario: Someone working with the forums was unlucky enough to get a malware on their system that allowed info of his/her login routines to the forums to be leaked. Working on forums from home isn't unlikely so seems plausible.

Working with the forums from home =/= working with gameservers from a protected system in a protected facility.

And given the security routines st up for regular users just using the client and forums, there's no way in hell they would have LESS security on supervisor abilities.

This is why the average person on the Internet gets hacked all the time. :D Misguided ideas on security being thrown around all the time.


The way to attack systems is to either
a) be incredible lucky at guessing

Brute force isn't a standard attack nowadays, but there's nothing "lucky" about chucking millions of guesses per minute at a system and getting a single hit.

Collision attacks and man-in-the-middle attacks can exploit luck to make things luckier than standard brute force, too.


b) attack known (to you) exploits in the code

Not really. Closed systems are unknown but get hacked all the time, due to things like SQL injection and replay attacks.

With SQL injection, you don't need to know anything about the database but with a few queries can know what to hit and eventually get juicy details.

I'd also note that systems based on open-source software are not necessarily weaker than closed-source despite the fact that the code is available to everyone and so are the exploits. All it comes down to is how well the code is written.


c) attack the 'human link'.

Fairly common but not the most reliable method, as humans are unpredictable.

CuRvZ
10-11-2011, 16:59
This is the issue and one that was laughed off not that long ago by many people.
If you target the pirates they will target you, target them by bringing in Steam and they will hit your weak point, Steam
Appears to only be the Forums that were hit but based on Steam refusing to make any official response of the hack or any clarification on what the hack achieved it is kinda worrying.
Also there have been numerous sites with a range of information (some appear credible) on what the hack achieved which is even more worrying.

Actually, that is nonsense. I assume that with 'pirates' you refer to the release groups cracking the games, who are actually people that hack computer software as a hobby/passion. They do not see Steam as an enemy, they see it as a challenge and the harder it is to crack the more they see it as a challenge. There also seems to be somewhat of a competition going between different release groups as to who gets a game out first. All they do is remove software protection from games, and release those.

The people hacking into websites and forums are a different crowd, and this time it seems to be made up of a group that codes cheats for games and some other nasty stuff. The people that crack the games would have absolutely no benefit from hacking into the steam forums at all, nor would they benefit from the removal of all anti-piracy measures, cuz that would leave them without stuff to crack. I honestly wouldn't know how much these different groups overlap, but they are not the same. So not to laugh it off, but this has nothing to do with pirates.

Anyway, Valve always take their time with everything, but I would also love to have an official response from them.

grep
10-11-2011, 17:03
1) forums and game servers are totally different and even seperate different logins/passwords
2) forums was brought down asap by steam with the detectino of the hack, gameservice is up and running without any hitches at all

Sorry. You're just fearmongering for the sake of fearmongering.

The way to attack systems is to either
a) be incredible lucky at guessing
b) attack known (to you) exploits in the code
c) attack the 'human link'.

a) nobody can guard against, but the odds of it happening is in the order where becomming a multibillionare through a single lottery coupon is more likely, and more worthwhile too
b) is all about how sloppily the programs/OS-utilized were written. While nobody can know up front about all possible exploits, the chance of an exploit being utilizable in 2 vastly different systems (forums AND game servers) brings you back to the amount of 'luck' you would need for point 'a)' to happen. In other words: Not bloody likely.
c) is the easiest source to attack through, and why background checks and continued monitoring of companytime is more and more commonplace in jobs where you have responsibilities. While you can never cut out this weakness entirely, alot can be done to make it less likely, and I asume Valve are doing what they can to make sure their employees are loyal. Point 'c)' can still be exploited by making a dedicated attack on an emplyees private systems, which is likely less guarded than the corporate system, in order to unearth info.

Most likely scenario: Someone working with the forums was unlucky enough to get a malware on their system that allowed info of his/her login routines to the forums to be leaked. Working on forums from home isn't unlikely so seems plausible.

Working with the forums from home =/= working with gameservers from a protected system in a protected facility.

And given the security routines st up for regular users just using the client and forums, there's no way in hell they would have LESS security on supervisor abilities.

Reading your post it seems Steam is safer than Fort Knox and the web world is impenetrable.

I respect your opinion but if Nasa, White House, FBI etc site have been violated I see no reason to think that Steam could be safer.

Told that, if you feel confident about that, I understand.

CuRvZ
10-11-2011, 17:08
Reading your post it seems Steam is safer than Fort Knox and the web world is impenetrable.

I respect your opinion but if Nasa, White House, FBI etc site have been violated I see no reason to think that Steam could be safer.

Told that, if you feel confident about that, I understand.

I think what he meant to say is that getting into Steam is very hard to achieve, and would need a considerable amount of luck (if their security is up to scratch). Nothing on the interwebs is impossible to hack, and from screenshots I have seen from the forums, it did seem like the account of one of the admins was hacked, which could be thanks to malware on his pc, or someone figuring out/guessing his password.

grep
10-11-2011, 17:11
I think what he meant to say is that getting into Steam is very hard to achieve, and would need a considerable amount of luck (if their security is up to scratch). Nothing on the interwebs is impossible to hack, and from screenshots I have seen from the forums, it did seem like the account of one of the admins was hacked, which could be thanks to malware on his pc, or someone figuring out/guessing his password.

Told like that I agree except one statement.

To gain credentials of a forum is of course really hard but it does not relies on luck but on skill and determination instead.

Kriss
10-11-2011, 17:27
As this really isn't anything to do with FM (until such time as actual accounts get hacked) and people are so damned argumentative :D

Closed.