Another Steam thread

[kieron]

Steam sent me this message when trying to play FM12 -----

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

Can i say a big thanks to SI for making loyal users of football manager series subject to this pathetic excuse of a system known as steam!!!!

re-think next year please

[soldierblue123]

SI cannot be held responsible or accountable for this attack on Steam by hackers. Therefore, let's not blame SI at all. Like you I would prefer not to use Steam and I only do so to play Fm2012. But please let's not apportion blame anywhere except where it is deserved.

[SL19]

Behave.:D:D:D

[Malak]

I am not bothered about steam, however this shows that people should have a choice !

[Unknown Hacker]

I think blaming SI is the wrong course of action entirely here. It's Steam's fault completely, and maybe SI will rethink next year however I like this new no disk system so I won't be complaining about it.

Also, I used paypal so as far as I'm aware it doesn't affect me...

[Aim_Less]

there is no evidence they managed to crack the database protection system

Blaming SI on a issue that is not their fault , there have been lots of hacking issues lately . Sony is also an example of this witch they left their database without encryption ( it was store in plain text )

There are no reports of accounts being compromised or id theft so far

[davehanson]

I can see both sides of the coin here.

I have no issue's with SI, however, at the end of the day it was SI that forced people to use Steam when they decided to go down that route of authentication. They would have evaluated all risk elements, both to themselves and to the public. Anytime anyone keeps their credit/debit card details on file via the internet there is a risk element.

Obviously the over-riding blame lies with Steam, but SI/Sega (And it is Sega's influence that has 'forced' SI to go the Steam only route ala Total War) must take a portion of responsibility (not blame) for this.

And, for what it is worth, I learnt my lesson with debit/credit card details when Shopto got hacked. Now I only ever pay for things online via paypal.

[Carmi88]

the OP is a moron

[davehanson]

TBF the OP wasn't blaming SI for the hack , but merely saying SI made him use Steam. Can anyone argue against that?

[Dave9ffc]

More worrying is the complete lack of communication from SI about it, no official comment and the now 2 closed threads demonstrating a washing of the hands mentality, Steam isn't us so go bother them, yet I as many people have no need for Steam other than to play FM. Hacks can and will happen but SI's response is poor that can't be argued. Again profit and image over putting customers first.

[Lawlore]

To quote myself, from the locked thread (http://community.sigames.com/showthread.php/286587-Valve-confirms-Steam-security-breach?p=7298509&viewfull=1#post7298509)

Had FM12 not been Steam-only, nobody would have a valid argument that SI or Sega should do or say anything about it- they would have every right to direct people's complaints and problems to Valve. It's not an FM12 problem, and, in fairness, I highly doubt SI know a great deal more about the current situation than anyone else. It would fall entirely on Valve's shoulders, and Valve's public image.

That's not the case. The decision was taken to exclusively use Steam, so Steam is now an essential part of FM12. In taking that decision, SI told its customer base to trust Valve- particularly those who had never used it before for whatever reason and may have required some convincing. Some didn't, many did. However, in asking for that trust, the other side of that coin is that they must also take a share- not necessarily the lion's share, but a share nonetheless- of responsibility when that trust is broken. The simple fact is that if FM12 weren't Steam-only, a portion of unknown size of its userbase would not have to worry about being affected by this situation at all. For that reason, for their own good, SI need to come out, hold their hands up and acknowledge that.

I'm not an SI basher, nor a Steam basher. I personally dislike distribution platforms of this nature, including PSN and XBL, for this very reason- it makes them worthwhile targets. I recognise the strengths of Steam as a distribution platform, I can understand why many people see it as the future of PC gaming, and I recognise that it was highly successful in preventing pre-release piracy of FM12, which was always stated as one of SI's key goals in the switch. I chose not to buy FM12 because of Steam. I'm disappointed that was the choice I had, but it was my choice, I voted with my wallet.

[writinguy]

It seems like everyone here has forgotten a little letter we all received in June about this very forum being hacked, and yet somehow, you've all managed to find enough trust in Sega/SI to come back here.

I also wonder how many of you used some of the other schemes that SI implemented last year... like Byteshield, or remember the outages and problems that thing had when it was first implemented. Or are aware of just how deep the rabbit hole of DRM goes... it is a lot uglier than this. I don't think some of you realize how bad other DRM schemes are.

The fact that they are using a single DRM method also means that instead of having to split their attention making a whole bunch of different patches, they can make single, better patches, and it is likely easier to track down specific problems and reproduce them.

I am not saying you should be happy about Steam getting hacked... no one should be, but compared with the alternative methods of DRM or, I don't know, not having these games to begin with (because look at what piracy did to the Eastside Hockey Manager series), it is the least of all the evils in this scenario.

[davehanson]

It seems like everyone here has forgotten a little letter we all received in June about this very forum being hacked, and yet somehow, you've all managed to find enough trust in Sega/SI to come back here.

How many people register their credit/debit card details on this forum? people might have been a little more reluctant to do so if that was the case.

[Ackter]

http://community.sigames.com/showthread.php/286587-Valve-confirms-Steam-security-breach

Thread here with advice for people regarding this issue (closed thread, and now this one is too because it'll just go the same way and be full of bickering).

[Ackter]

Am adding Matt's post from the other thread to this one:

Like their hundreds of other development partners and 30 million plus customers, we're dependent on Steam to provide us updates regarding the issues they've had. They're best placed to deal with this and advise on it, obviously.

I've followed the official line on changing password (they suggest that this is more important if you also have a Steam forum account). Our friends at Eurogamer have provided some information on how to do this here: http://www.eurogamer.net/articles/2011-11-11-how-to-change-your-steam-password

As regards credit cards - they're quite clear. Again, quoting from Eurogamer - http://www.eurogamer.net/articles/2011-11-10-valve-confirms-steam-security-breach:

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

"We don't have evidence of credit card misuse at this time," the note continued. "Nonetheless you should watch your credit card activity and statements closely."

In my opinion, that's quite definitive.

I'm unaware of anything else we have to say at this time, but if there is going to be a statement, it'll be made and stickied on these forums.

Cheers

Matt