
Valve confirms Steam security breach


quad


Bold added.

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

http://arstechnica.com/gaming/news/2011/11/valve-confirms-steam-hack-credit-cards-personal-info-may-be-stolen.ars

Bit worrying....


Pretty angry that only via a random blog have I found out about this, instead of being directly, and imminently, told by Steam via an email. Also makes me angry at how relaxed they appear to be, not bothering to force password changes but "it wouldn't be a bad idea" for us to do it ourselves. Unbelievable.

Not had a problem with Steam when it came to the FM arguments, but this has totally changed my mind. Feel really bad for the people who have solely joined Steam just to use FM and no other games.


Pretty angry that only via a random blog have I found out about this, instead of being directly, and imminently, told by Steam via an email. Also makes me angry at how relaxed they appear to be, not bothering to force password changes but "it wouldn't be a bad idea" for us to do it ourselves. Unbelievable.

Not had a problem with Steam when it came to the FM arguments, but this has totally changed my mind. Feel really bad for the people who have solely joined Steam just to use FM and no other games.

It's on their site:

http://forums.steampowered.com/forums/

EDIT: oops, didn't notice the "told by Steam via email" bit.


Pretty angry that only via a random blog have I found out about this, instead of being directly, and imminently, told by Steam via an email. Also makes me angry at how relaxed they appear to be, not bothering to force password changes but "it wouldn't be a bad idea" for us to do it ourselves. Unbelievable.

Not had a problem with Steam when it came to the FM arguments, but this has totally changed my mind. Feel really bad for the people who have solely joined Steam just to use FM and no other games.

I'm intrigued that there is no sign of this news on Steam's homepage nor Valve's homepage - it should be there smack bang in the middle to draw attention.

I also agree that all Steam passwords should be reset - you have to assume that everything has been compromised (or that it's only a matter of time before they are). I guess money means more to them than security...


To be fair when I tried to load up the game just a while ago, that message in the OP came up from Steam before the game kicked in. And put it this way that's the first message that's done that since I had to download the crap.

I've never had any such message.


I don't use their forums. Hell, I wouldn't even use their Client, if it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager.

Reading this, I feel sorry for people who do use their forums though. :thdn:

Can we keep this thread related to the topic at hand instead of attention-seeking "Steam sucks and I have no valid reason why" posts?

It's weird that Steam didn't contact anyone and yes, they definitely should seeing as you provide your email when you sign up and seems to be the obvious route to go with informing people... meh. And Loversleaper, they're saying to just reset your passwords and that's that, if you get any fraudulent charges on your CC just go to your bank and file a report, they'll sort it out if (and that's a massive IF) someone got a hold of your CC information.


I don't use their forums. Hell, I wouldn't even use their Client, if it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager.

Reading this, I feel sorry for people who do use their forums though. :thdn:

It's not just the forums though, it says that a database containing the sensitive info was taken. That can't be part of the forums.


Are they suggesting that we should close our credit cards?

No.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,"

Just that you are meant to keep an eye on things. There is no evidence of misuse at present so just keep an eye out if you're worried, which I doubt you should be at the moment.


Can we keep this thread related to the topic at hand instead of attention-seeking "Steam sucks and I have no valid reason why" posts?

It's weird that Steam didn't contact anyone and yes, they definitely should seeing as you provide your email when you sign up and seems to be the obvious route to go with informing people... meh. And Loversleaper, they're saying to just reset your passwords and that's that, if you get any fraudulent charges on your CC just go to your bank and file a report, they'll sort it out if (and that's a massive IF) someone got a hold of your CC information.

I don't remember saying Steam sucked?

I did say I would not be using Steam if I had a choice, and that's my prerogative. But you can twist my words and say I was saying Steam sucks or whatever.

And I was relating to the topic, after reading the story, I felt sorry for people who are signed up to the forums whose info could have been leaked, so I contributed to the topic by saying what I thought about it..


Can we keep this thread related to the topic at hand instead of attention-seeking "Steam sucks and I have no valid reason why" posts?

It's weird that Steam didn't contact anyone and yes, they definitely should seeing as you provide your email when you sign up and seems to be the obvious route to go with informing people... meh. And Loversleaper, they're saying to just reset your passwords and that's that, if you get any fraudulent charges on your CC just go to your bank and file a report, they'll sort it out if (and that's a massive IF) someone got a hold of your CC information.

"Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums." :rolleyes:

No.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,"

Just that you are meant to keep an eye on things. There is no evidence of misuse at present so just keep an eye out if you're worried, which I doubt you should be at the moment.

Having no evidence doesn't mean everything is hunky dory.


I don't remember saying Steam sucked?

I did say I would not be using Steam if I had a choice, and that's my prerogative. But you can twist my words and say I was saying Steam sucks or whatever.

And I was relating to the topic, after reading the story, I felt sorry for people who are signed up to the forums whose info could have been leaked, so I contributed to the topic by saying what I thought about it..

Hell, I wouldn't even use their Client, if it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager.

Alright, you didn't say Steam sucks outright, we could argue about the "underlying meaning" but that would get us nowhere really. But what did your post have to do with the issue or the topic at hand? Regardless, it was more aimed at the inevitable post that will come rather than yours.

"Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums."

You mean they went and followed on to a lead, began investigating and found out that more data was stolen than initially thought instead of just leaving it alone? What do you want them to do? They got hacked and they investigated, I'm not following what you're trying to say. They're doing their jobs, they found out that more data was stolen, they're informing people (albeit via a bit of a weird method) and telling them to take precautions? No system is perfect sadly, as much as we'd all love it to be, the year has been a total mess when it comes to hackings and this was one of the "better" results (Sony storing password in plaintext anyone?)


I would second Indi75's call to rename the thread.

There is no reason to cause serious concern unduly- at the moment, this thread can offer no further firm information than what is being reported as Valve's in-client statement, which states that there is no "evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked".

However, as the investigation is ongoing, if the situation changes and Valve does make further comment, by all means re-title the thread again.


Considering we've (or some of us) have known about the steam forums hack for a while now, i find it appalling that Valve haven't really mentioned anything before now.

If it hadn't been for this forum i probably wouldn't have an idea at all, until i would've exited and restarted Steam.

Don't know how many times i've started Steam today, for various reason, but only now did i get a message on startup - 4 days after.

In my eyes that is just shockingly bad.


Considering we've (or some of us) have known about the steam forums hack for a while now, i find it appalling that Valve haven't really mentioned anything before now.

If it hadn't been for this forum i probably wouldn't have an idea at all, until i would've exited and restarted Steam.

Don't know how many times i've started Steam today, for various reason, but only now did i get a message on startup - 4 days after.

In my eyes that is just shockingly bad.

It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.

Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, they suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys.

Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about.

(Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't.)


Considering we've (or some of us) have known about the steam forums hack for a while now, i find it appalling that Valve haven't really mentioned anything before now.

If it hadn't been for this forum i probably wouldn't have an idea at all, until i would've exited and restarted Steam.

Don't know how many times i've started Steam today, for various reason, but only now did i get a message on startup - 4 days after.

In my eyes that is just shockingly bad.

It is really worrying that people were able to get access to a database that contained such sensitive information.

I also did not hear about this until today but it happened 5 days ago :/

I agree that it's not good enough on the amount of time taken to confirm this but it's still been a quicker time than it took Sony to tell us when the PSN was hacked, I believe that was at least 9 days before they confirmed it.


It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.

Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, they suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys.

Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about.

(Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't.)

From Steam announcement: "We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."


It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.

Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, they suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys.

Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about.

(Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't.)

There is no evidence....is the official statement. Which often means: "we don't know".

In that case, it's better to assume the worst and inform those involved....the customers.

If nothing happens; well it might be a bit better creating a fuss about nothing, rather than do nothing about a big fuss.

The latter will come back to haunt them later. And if it comes back to them, it will also affect the companies involved with them.

There's a big chance they have to/choose to change strategies, when it comes to their business plans.

People will lose their trust. And it doesn't really matter who's actually to blame....if anyone.

As long as people get an impression and a thought about something, it'll be difficult to change those thoughts and impressions.

That'll take time.


I agree that it's not good enough on the amount of time taken to confirm this but it's still been a quicker time than it took Sony to tell us when the PSN was hacked, I believe that was at least 9 days before they confirmed it.

Oh my. That is......i'm at a loss for words.

Don't have a PS so I don't really know anything detailed about that.


My underlying meaning, if any, was that, thankfully I am not signed up to the Steam forums, and that I would not even be using Steam if I was given the choice.

You can check all my posts, and I can assure you, that you will not find one post where I have said 'Steam sucks/Steam is rubbish'.

Yeah I do have a gripe about being forced to have Steam installed, if I want to play FM12. But not because Steam sucks, but because I don't want to use Steam, which as I said before, that is my prerogative.

But what did your post have to do with the issue or the topic at hand?

Erm, it was my opinion on the Topic, it's a public forum where people post what they think etc, and it was my thought on the topic.

The issue or topic at hand?

If you look at the OP, it was not a question asking for help.

It's a post with information, seeing what other people think of the matter imo.

To which I said that, after reading the link, I feel sorry for people signed up to the forum etc. So I was posting about the topic at hand..

I could understand where you were coming from, if I had completely ignored the OP / not bothered to read the post or link, and I just posted 'Steam sucks' or giggled at the users, whose information may have been leaked, because I am without empathy..

I really do feel sorry for the users whose information may have been leaked, and as this is a thread about that topic, I posted how I feel.

I really don't see how I am not within my rights to post my opinion about the subject in the thread?

[I do apologise to other users, because now I am going off topic. :D

But you got under my skin a little, with your first post, which came across that you were making me out to be a childish steam hater, who trolls at the first chance I get.]


It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.

Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, they suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys.

Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about.

(Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't.)

"We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."

Doesn't look like it is a database, unless I am living in denial then it seems that it is the database...


"We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."

Doesn't look like it is a database, unless I am living in denial then it seems that it is the database...

'A' versus 'The'.

So, for all we know, it's a database for users in.... Hong Kong.

The extent of the breach remains unknown, it's clearly not serious enough to warrant a shut down of the servers, and - tellingly - we aren't being forced to change our passwords either. All of which sums up a non event.

Interesting target, clearly DRM related angst behind it, probably be SI's forums next :)


'A' versus 'The'.

So, for all we know, it's a database for users in.... Hong Kong.

The extent of the breach remains unknown, it's clearly not serious enough to warrant a shut down of the servers, and - tellingly - we aren't being forced to change our passwords either. All of which sums up a non event.

Interesting target, clearly DRM related angst behind it, probably be SI's forums next :)

As long as that a is just that, they should assume the worst, while investigating. Preferably until it becomes "the".

Hope SI forums doesn't get hit by this again. What should i do then. No FM (assuming the worst) and no forums :D


I'm just saying, we've got no evidence after 4 days to suggest any drastic action. As such, I'm pretty relaxed. Grateful to Valve for the courtesy of an update, however trivial, moving on with life.

If there were to be a problem, if the database mentioned happens to contain my details, if there's a risk; and if I need to... I'll change my cards over. might even change the odd password. No drama really.


So that's patches forced upon users, a game that can't be played by a considerable number of users when (some) patches are implemented and now those poor bastards unfortunate enough to have supplied them have had their credit card details potentially compromised.

But at least nobody pirated the game before release date. And 'Gabe' says "sorry", so it's all good...

If this is the future of FM and gaming in general I think I'm going to be firing up the old Spectrum again.


Annoyingly can't change my password because just realized when trying that I have in my settings an old email of mine that got hacked. Can't change the email address for Steam either as I need to go back to the original one, brilliant eh? :) Just as well I used PayPal and have a debit rather than credit card and can still log in.


Annoyingly can't change my password because just realized when trying that I have in my settings an old email of mine that got hacked. Can't change the email address for Steam either as I need to go back to the original one, brilliant eh? :) Just as well I used PayPal and have a debit rather than credit card and can still log in.

I had this same issue but Steam support were able to change my account email address for me. All you need to provide is some specific info about your games library, purchase history and personal details. It was very straightforward.


Well done SI and Sega!

Steam is a prime target for hackers especially with their reputation among some of these people and now anyone buying the FM series is forced to have to submit their personal details to Steam to play the game.

Everyone is at risk of being hacked but forcing people to use a company that many people detest and doesn't have the greatest reputation is not good and shows what an own goal it was.


Archived

This topic is now archived and is closed to further replies.
