quad Posted November 10, 2011 Share Posted November 10, 2011 Bold added. Dear Steam Users and Steam Forum Users,Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums. We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating. We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely. While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well. We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password. We will reopen the forums as soon as we can. I am truly sorry this happened, and I apologize for the inconvenience. Gabe. http://arstechnica.com/gaming/news/2011/11/valve-confirms-steam-hack-credit-cards-personal-info-may-be-stolen.ars Bit worrying.... Link to post Share on other sites More sharing options...
pigfacemonkeyman Posted November 10, 2011 Share Posted November 10, 2011 Oh dear! xxx Link to post Share on other sites More sharing options...
0gris Posted November 10, 2011 Share Posted November 10, 2011 At least the data was encrypted. Here's hoping the encryption is really good and the hackers wont be bothered to crack it. Link to post Share on other sites More sharing options...
Suzie MUFC Posted November 10, 2011 Share Posted November 10, 2011 Pretty angry that only via a random blog have I found out about this, instead of being directly, and imminently, told by Steam via an email. Also makes me angry at how relaxed they appear to be, not bothering to force password changes but "it wouldn't be a bad idea" for us to do it ourselves. Unbelieveable. Not had a problem with Steam when it came to the FM arguments, but this has totally changed my mind. Feel really bad for the people who have solely joined Steam just to use FM and no other games. Link to post Share on other sites More sharing options...
pigfacemonkeyman Posted November 11, 2011 Share Posted November 11, 2011 Pretty angry that only via a random blog have I found out about this, instead of being directly, and imminently, told by Steam via an email. Also makes me angry at how relaxed they appear to be, not bothering to force password changes but "it wouldn't be a bad idea" for us to do it ourselves. Unbelieveable.Not had a problem with Steam when it came to the FM arguments, but this has totally changed my mind. Feel really bad for the people who have solely joined Steam just to use FM and no other games. It's on their site: http://forums.steampowered.com/forums/ EDIT: oops, didn't notice the "told by Steam via email" bit. Link to post Share on other sites More sharing options...
x42bn6 Posted November 11, 2011 Share Posted November 11, 2011 Pretty angry that only via a random blog have I found out about this, instead of being directly, and imminently, told by Steam via an email. Also makes me angry at how relaxed they appear to be, not bothering to force password changes but "it wouldn't be a bad idea" for us to do it ourselves. Unbelieveable.Not had a problem with Steam when it came to the FM arguments, but this has totally changed my mind. Feel really bad for the people who have solely joined Steam just to use FM and no other games. I'm intrigued that there is no sign of this news on Steam's homepage nor Valve's homepage - it should be there smack bang in the middle to draw attention. I also agree that all Steam passwords should be reset - you have to assume that everything has been compromised (or that it's only a matter of time before they are). I guess money means more to them than security... Link to post Share on other sites More sharing options...
x42bn6 Posted November 11, 2011 Share Posted November 11, 2011 It's on their site:http://forums.steampowered.com/forums/ It's not good enough. If they have compromised a database containing Steam users' details, not just those on the forum, then every single Steam user is at risk, not just those who have an account on the forum. Link to post Share on other sites More sharing options...
Jibby123 Posted November 11, 2011 Share Posted November 11, 2011 To be fair when I tried to load up the game just a while ago, that message in the OP came up from Steam before the game kicked in. And put it this way that's the first message that's done that since I had to download the crap. Link to post Share on other sites More sharing options...
Suzie MUFC Posted November 11, 2011 Share Posted November 11, 2011 It's on their site:http://forums.steampowered.com/forums/ I don't use their forums. By default they should be telling people about this straight, not waiting for us to stumble across it. Link to post Share on other sites More sharing options...
Suzie MUFC Posted November 11, 2011 Share Posted November 11, 2011 To be fair when I tried to load up the game just a while ago, that message in the OP came up from Steam before the game kicked in. And put it this way that's the first message that's done that since I had to download the crap. I've never had any such message. Link to post Share on other sites More sharing options...
pigfacemonkeyman Posted November 11, 2011 Share Posted November 11, 2011 It's not good enough. If they have compromised a database containing Steam users' details, not just those on the forum, then every single Steam user is at risk, not just those who have an account on the forum. I totally agree. I was just responding to Suzie MUFC but missed a bit of her post. Link to post Share on other sites More sharing options...
Jibby123 Posted November 11, 2011 Share Posted November 11, 2011 I've never had any such message. I don't know why, but just saying what I had. I don't touch Steam, don't look at Steam, never had a message from them, until now. Steam was a massive step back imvho for FM. Link to post Share on other sites More sharing options...
Loversleaper Posted November 11, 2011 Share Posted November 11, 2011 Are they suggesting that we should close our credit cards? Link to post Share on other sites More sharing options...
pigfacemonkeyman Posted November 11, 2011 Share Posted November 11, 2011 It's not good enough. If they have compromised a database containing Steam users' details, not just those on the forum, then every single Steam user is at risk, not just those who have an account on the forum. Why let a little thing like this get in the way of selling games. Link to post Share on other sites More sharing options...
Barkermush Posted November 11, 2011 Share Posted November 11, 2011 I don't use their forums. Hell, I wouldn't even use their Client, If it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager. Reading this, I feel sorry for people who do use their forums though. Link to post Share on other sites More sharing options...
alucasa Posted November 11, 2011 Share Posted November 11, 2011 I never used Steam forums. It's a place full of weirdos. And I use paypal for Steam anyway. Link to post Share on other sites More sharing options...
0gris Posted November 11, 2011 Share Posted November 11, 2011 I don't use their forums. Hell, I wouldn't even use their Client, If it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager.Reading this, I feel sorry for people who do use their forums though. Can we keep this thread related to the topic at hand instead of atention seeking "steam sucks and i have no valid reason why" posts? It's weird that steam didnt contact anyone and yes, they definitely should seeing as you provide your email when you sign up and seems to be the obvious route to go with informing people... meh. And Loversleaper, they're saying to just reset your passwords and thats that, if you get any fraudelent charges on your CC just go to your bank and file a report, they'll sort it out if(and thats a massive IF) someone got a hold of your CC information. Link to post Share on other sites More sharing options...
Suzie MUFC Posted November 11, 2011 Share Posted November 11, 2011 I don't use their forums. Hell, I wouldn't even use their Client, If it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager.Reading this, I feel sorry for people who do use their forums though. It's not just the forums though, it says that a database containing the sensitive info was taken. That can't be part of the forums. Link to post Share on other sites More sharing options...
DeadPanda Posted November 11, 2011 Share Posted November 11, 2011 Are they suggesting that we should close our credit cards? No. "We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Just that you are meant to keep an eye on things. There is no evidence of misuse at present so just keep an eye out if you're worried, which I doubt you should be at the moment. Link to post Share on other sites More sharing options...
0gris Posted November 11, 2011 Share Posted November 11, 2011 Ah. It seems that the letter is being spread out through Update News when you start up steam. A weird choice i know but hey. Link to post Share on other sites More sharing options...
Jibby123 Posted November 11, 2011 Share Posted November 11, 2011 Ah. It seems that the letter is being spread out through Update News when you start up steam. A weird choice i know but hey. Thanks. I was thinking I might have had more Stella's than I thought and imagined it. Link to post Share on other sites More sharing options...
Barkermush Posted November 11, 2011 Share Posted November 11, 2011 Can we keep this thread related to the topic at hand instead of atention seeking "steam sucks and i have no valid reason why" posts?It's weird that steam didnt contact anyone and yes, they definitely should seeing as you provide your email when you sign up and seems to be the obvious route to go with informing people... meh. And Loversleaper, they're saying to just reset your passwords and thats that, if you get any fraudelent charges on your CC just go to your bank and file a report, they'll sort it out if(and thats a massive IF) someone got a hold of your CC information. I don't remember saying Steam sucked? I did say I would not be using Steam if I had a choice, and that's my prerogative. But you can twist my words and say I was saying Steam sucks or whatever. And I was relating to the topic, after reading the story, I felt sorry for people who are signed up to the forums who's info could have been leaked, so I contributed to the topic by saying what I thought about it.. Link to post Share on other sites More sharing options...
pigfacemonkeyman Posted November 11, 2011 Share Posted November 11, 2011 Can we keep this thread related to the topic at hand instead of atention seeking "steam sucks and i have no valid reason why" posts?It's weird that steam didnt contact anyone and yes, they definitely should seeing as you provide your email when you sign up and seems to be the obvious route to go with informing people... meh. And Loversleaper, they're saying to just reset your passwords and thats that, if you get any fraudelent charges on your CC just go to your bank and file a report, they'll sort it out if(and thats a massive IF) someone got a hold of your CC information. "Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums." No."We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Just that you are meant to keep an eye on things. There is no evidence of misuse at present so just keep an eye out if you're worried, which I doubt you should be at the moment. Having no evidence doesn't mean everything is hunky dory. Link to post Share on other sites More sharing options...
0gris Posted November 11, 2011 Share Posted November 11, 2011 I don't remember saying Steam sucked?I did say I would not be using Steam if I had a choice, and that's my prerogative. But you can twist my words and say I was saying Steam sucks or whatever. And I was relating to the topic, after reading the story, I felt sorry for people who are signed up to the forums who's info could have been leaked, so I contributed to the topic by saying what I thought about it.. Hell, I wouldn't even use their Client, If it wasn't for SI forcing us to install and keep Steam installed, if we still want to keep playing Football Manager. Alright, you didn't say steam such outright, we could argue about the "underlying meaning" but that would get us nowhere really. But what did your post have to do with the issue or the topic at hand? Regardless, it was more aimed at the inevitable post that will come rather than yours "Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums." You mean they went and followed on to a lead began investigating and found out that more data was stolen than initialy thought instead of just leaving it alone? What do you want them to do? They got hacked and they investigated, I'm not following what you're trying to say. They're doing their jobs, they found out that more data was stolen, they're informing people(albeit via a bit of a weird method) and telling them to take precautions? No system is perfectly sadly, as much as we'd all love it to be, the year has been a total mess when it comes to hackings and this was one of the "better" results(Sony storing password in plaintext anyone?) Link to post Share on other sites More sharing options...
Indi75 Posted November 11, 2011 Share Posted November 11, 2011 Mods may wish to consider renaming the thread? The statement says no evidence of credit card details stolen. Present header is misleading and a tad hysterical. Link to post Share on other sites More sharing options...
Lawlore Posted November 11, 2011 Share Posted November 11, 2011 I would second Indi75's call to rename the thread. There is no reason to cause serious concern unduly- at the moment, this thread can offer no further firm information than what is being reported as Valve's in-client statement, which states that there is no "evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked". However, as the investigation is ongoing, if the situation changes and Valve does make further comment, by all means re-title the thread again. Link to post Share on other sites More sharing options...
BCFC_Mike Posted November 11, 2011 Share Posted November 11, 2011 All hail SI for making it a Steam Only activated game! IF and thats a big if, unrecognised payments are made via my card details, I will be taking action. And I am sure I won't be the only one. Link to post Share on other sites More sharing options...
Indi75 Posted November 11, 2011 Share Posted November 11, 2011 All hail SI for making it a Steam Only activated game! IF and thats a big if, unrecognised payments are made via my card details, I will be taking action. And I am sure I won't be the only one. Such as? :confused: Link to post Share on other sites More sharing options...
roykela Posted November 11, 2011 Share Posted November 11, 2011 Considering we've (or some of us) have known about the steam forums hack for a while now, i find it appalling that Valve haven't really mentioned anything before now. If it hadn't been for this forum i probably wouldn't have an idea at all, until i would've exited and restarted Steam. Don't know how many times i've started Steam today, for various reason, but only now did i get a message on startup - 4 days after. In my eyes that is just shockingly bad. Link to post Share on other sites More sharing options...
Carmi88 Posted November 11, 2011 Share Posted November 11, 2011 Wasn't that long ago SEGA got hacked and these forums were offline, hackers are pointless in life Link to post Share on other sites More sharing options...
ShirazS Posted November 11, 2011 Share Posted November 11, 2011 It is really worrying that people were able to get access to a database that contained such sensitive information. I also did not hear about this until today but it happened 5 days ago :/ Link to post Share on other sites More sharing options...
Indi75 Posted November 11, 2011 Share Posted November 11, 2011 Considering we've (or some of us) have known about the steam forums hack for a while now, i find it appalling that Valve haven't really mentioned anything before now.If it hadn't been for this forum i probably wouldn't have an idea at all, until i would've exited and restarted Steam. Don't know how many times i've started Steam today, for various reason, but only now did i get a message on startup - 4 days after. In my eyes that is just shockingly bad. It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero. Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, the suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys. Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about. (Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't. Link to post Share on other sites More sharing options...
Almondo Posted November 11, 2011 Share Posted November 11, 2011 Considering we've (or some of us) have known about the steam forums hack for a while now, i find it appalling that Valve haven't really mentioned anything before now.If it hadn't been for this forum i probably wouldn't have an idea at all, until i would've exited and restarted Steam. Don't know how many times i've started Steam today, for various reason, but only now did i get a message on startup - 4 days after. In my eyes that is just shockingly bad. It is really worrying that people were able to get access to a database that contained such sensitive information.I also did not hear about this until today but it happened 5 days ago :/ I agree that it's not good enough on the amount of time taken to confirm this but it's still been a quicker time than it took Sony to tell us when the PSN was hacked, I believe that was at least 9 days before they confirmed it. Link to post Share on other sites More sharing options...
Coentrao Posted November 11, 2011 Share Posted November 11, 2011 Don't remember if i have ever registered on the steam forums nevertheless i'm sure i used a different password. In that case i should be safe right? It's only the forum accounts that have been compromised? Link to post Share on other sites More sharing options...
pigfacemonkeyman Posted November 11, 2011 Share Posted November 11, 2011 It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, the suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys. Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about. (Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't. From Steam announcement: "We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information." Link to post Share on other sites More sharing options...
roykela Posted November 11, 2011 Share Posted November 11, 2011 It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.Was the same thing with Sony, they we knew when they knew. At present they know they've been hacked, the suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys. Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about. (Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't. There is no evidence....is the official statement. Which often means: "we don't know". In that case, it's better to assume the worst and inform those involved....the customers. If nothing happens; well it might be a bit better creating a fuss about nothing, rather than do nothing about a big fuss. The latter will come back to haunt them later. And if it comes back to them, it will also affect the companies involved with them. There's a big chance they have to/choose to change strategies, when it comes do their business plans. People will lose their trust. And it doesn't really matter who's actually to blame....if anyone. As long as people get an impression and a thought about something, it'll be difficult to change those thoughts and impressions. That'll take time. Link to post Share on other sites More sharing options...
roykela Posted November 11, 2011 Share Posted November 11, 2011 I agree that it's not good enough on the amount of time taken to confirm this but it's still been a quicker time than it took Sony to tell us when the PSN was hacked, I believe that was at least 9 days before they confirmed it. Oh my. That is......i'm at a loss for words. Dont' have a PS so i don't really know anything detailed about that. Link to post Share on other sites More sharing options...
Barkermush Posted November 11, 2011 Share Posted November 11, 2011 My underlying meaning, if any, was that, thankfully I am not signed up to the Steam forums, and that I would not even be using Steam if I was given the choice. You can check all my posts, and I can assure you, that you will not find one post where I have said 'Steam sucks/Steam is rubbish'. Yeah I do have a gripe about being forced to have Steam installed, if I want to play FM12. But not because Steam sucks, but because I don't want to use Steam, which as I said before, that is my prerogative. But what did your post have to do with the issue or the topic at hand? Erm, it was my opinion on the Topic, it's a public forum where people post what they think etc, and it was my thought on the topic. The issue or topic at hand? If you look at the OP, it was not a question asking for help. http://arstechnica.com/gaming/news/2...-be-stolen.arsBit worrying.... It's a post with information, seeing what other people think of the matter imo. To which I said that, after reading the link, I feel sorry for people signed up to the forum etc. So I was posting about the topic at hand.. I could understand where you were coming from, if I had completly ignored the OP / not bothered to read the post or link, and I just posted 'Steam sucks' Or giggled at the users, who's information may have been leaked, because I am without empathy.. I really do feel sorry for the users who's information may have been leaked, and as this a thread about that topic, I posted how I feel. I really don't see how I am not within my rights to post my opinion about the subject in the thread? [i do apologise to other users, because now I am going off topic. But you got under my skin a little, with your first post, which came across that you were making me out to be a childish steam hater, who trolls at the first chance I get.] Link to post Share on other sites More sharing options...
Loversleaper Posted November 11, 2011 Share Posted November 11, 2011 It's perfectly normal to conduct a thorough forensic analysis to ascertain the scope of the breach. It's not as if there's a big klaxon going off on day zero.Was the same thing with Sony, we knew when they knew. At present they know they've been hacked, the suspect that a database has been hacked in addition to the forums. They've not indicated that this is the database, for all we know it could be a catalogue of game keys. Equally there is no evidence to suggest that card/payment details have been compromised and as such there's pretty much sod all to get excited about. (Tho I expect the anti-DRM crowd to wax wroth in faux rage and attempt to make this into the drama it frankly isn't. "We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information." Doesn't look like it is a database, unless I am living in denial then it seems that it is the database... Link to post Share on other sites More sharing options...
Indi75 Posted November 11, 2011 Share Posted November 11, 2011 "We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."Doesn't look like it is a database, unless I am living in denial then it seems that it is the database... 'A' versus 'The'. So, for all we know, it's a database for users in.... Hong Kong. The extent of the breach remains unknown, it's clearly not serious enough to warrant a shut down of the servers, and - tellingly - we aren't being forced to change our passwords either. All of which sums up a non event. Interesting target, clearly DRM related angst behind it, probably be SI's forums next Link to post Share on other sites More sharing options...
roykela Posted November 11, 2011 Share Posted November 11, 2011 'A' versus 'The'.So, for all we know, it's a database for users in.... Hong Kong. The extent of the breach remains unknown, it's clearly not serious enough to warrant a shut down of the servers, and - tellingly - we aren't being forced to change our passwords either. All of which sums up a non event. Interesting target, clearly DRM related angst behind it, probably be SI's forums next As long as that a is just that, they should assume the worst, while investigating. Preferably until it becomes "the". Hope SI forums doesn't get hit by this again. What should i do then. No FM (assuming the worst) and no forums Link to post Share on other sites More sharing options...
Loversleaper Posted November 11, 2011 Share Posted November 11, 2011 @Indi75 When you hack into a database and this database has the info described above, then it doesn't really matter if you live in Hong Kong or on the moon... Link to post Share on other sites More sharing options...
Indi75 Posted November 11, 2011 Share Posted November 11, 2011 I'm just saying, we've got no evidence after 4 days to suggest any drastic action. As such, I'm pretty relaxed. Grateful to Valve for the courtesy of an update, however trivial, moving on with life. If there were to be a problem, if the database mentioned happens to contain my details, if there's a risk; and if I need to... I'll change my cards over. might even change the odd password. No drama really. Link to post Share on other sites More sharing options...
Titicamara Posted November 11, 2011 Share Posted November 11, 2011 Just change your passwords and monitor your credit card activities for the time being. Link to post Share on other sites More sharing options...
Flohrinho Posted November 11, 2011 Share Posted November 11, 2011 Jesus. Not too long ago I already changed nearly all my passwords because psn was hacked and now steam. Wtf are these companies doing ffs? Link to post Share on other sites More sharing options...
shoome Posted November 11, 2011 Share Posted November 11, 2011 So that's patches forced upon users, a game that can't be played by a considerable number of users when (some) patches are implemented and now those poor bastards unfortunate enough to have supplied them have had their credit card details potentially compromised. But at least nobody pirated the game before release date. And 'Gabe' says "sorry", so it's all good... If this is the future of FM and gaming in general I think I'm going to be firing up the old Spectrum again. Link to post Share on other sites More sharing options...
Nik_Dut Posted November 11, 2011 Share Posted November 11, 2011 Lucky I haven't made my purchase this year. Time to look for 2012 update data for FM11. Nice move, SI and STEAM. Link to post Share on other sites More sharing options...
SeanNUFC Posted November 11, 2011 Share Posted November 11, 2011 Annoyingly can't change my password because just realized when trying that i have in my settings an old email of mine that got hacked . Can't change the email address for steam either as i need to go back to the original one, brilliant eh? Just aswell i used paypal and have a debit rather than credit card and can still log in. Link to post Share on other sites More sharing options...
leumd Posted November 11, 2011 Share Posted November 11, 2011 Annoyingly can't change my password because just realized when trying that i have in my settings an old email of mine that got hacked . Can't change the email address for steam either as i need to go back to the original one, brilliant eh? Just aswell i used paypal and have a debit rather than credit card and can still log in. I had this same issue but Steam support were able to change my account email address for me. All you need to provide is some specific info about your games library, purchase history and personal details. It was very straight forward. Link to post Share on other sites More sharing options...
wild2475 Posted November 11, 2011 Share Posted November 11, 2011 Well done SI and Sega! Steam is a prime target for hackers especially with their reputation among some of these people and now anyone buying the FM series is forced to have to submit their personal details to Steam to play the game. Everyone is at risk of being hacked but forcing people to use a company that many people detest and doesn't have the greatest reputation is not good and shows what an own goal it was. Link to post Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.