Jump to content
Sports Interactive Community

Valve confirms Steam security breach

quad

By quad,
in Football Manager General Discussion

Recommended Posts

  • Replies 164
  • Created
  • Last Reply
  • Administrators
Neil Brock

Neil Brock

Posted
  • Administrators
Posted
For me the key issue is whether or not I should even have to worry about things like these for wanting to play a non-online game like Football Manager 2012. As I've said before; by having a mandatory third-party layer between the developer and the customer, Sports Interactive and SEGA are playing a dangerous game in punishing their customers with more layers of potential problems. When Steam is working, it has no advantages for me as a customer over a traditional install. When it's not working, I'm getting punished while SI/SEGA go "well at least the game wasn't cracked early".

As Sports Interactive/SEGA made the decision to force Steam upon anyone who wish to play their game, it will reflect back on them when this third party layer has problems. Whether that's right or wrong is irrelevant, SI/SEGA should take responsibility for their choice of putting all their customers in the hands of incompetent software developers. A choice that potentially could mean that some people will have their account and credit card info stolen.

And spare me this whole "not many people are affected" - Miles used the same argument in the Steam thread that you guys finally had to close down due to it being embarrassing that the Steam decision wasn't popular. Even if it only affects ONE of us, it's too many, and something that could have been avoided by using more intelligent and creative ways of preventing piracy.

The real question here is whether or not it was WORTH preventing early cracked versions of the game, in exchange for potential credit card hacking, account theft, all the technical issues listed in the support forums, all the issues with the extra software layer on top of the game, the dependance on third party connection in order to play, etc etc.

The truth is that Steam only benefits SI/SEGA, not the customers.

I'm sorry but to label Valve 'incompetent software developers' is an absolute joke and really shows have naive you're being in an attempt to put your point across.

And as we always state with people who state that everything "could have been avoided by using more intelligent and creative ways of preventing piracy" - if you have a way then please do let us know because we've tried quite a lot in the past and it seems we're damned if we do and damned if we don't.

Link to post
Share on other sites
x42bn6

x42bn6

Posted
Posted
That Gabe likes salt and hash. But no it means it was all encrypted well and while there was a security breach they probably do not have our password or anything, unlike Sony who just put peoples details (except credit cards) in text format.
No. Steam encrypted credit card details, and salted and hashed passwords. There's no evidence to suggest that evreything was encrypted (such a system would be incredibly slow).
This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.

The same goes for Sony - Sony encrypted credit card details.

All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Sony likely salted and hashed passwords as well (this is the standard mechanism for any system storing passwords).

So in essence there isn't much difference between the two.

Link to post
Share on other sites
pigfacemonkeyman

pigfacemonkeyman

Posted
Posted
I'm sorry but to label Valve 'incompetent software developers' is an absolute joke and really shows have naive you're being in an attempt to put your point across.

And as we always state with people who state that everything "could have been avoided by using more intelligent and creative ways of preventing piracy" - if you have a way then please do let us know because we've tried quite a lot in the past and it seems we're damned if we do and damned if we don't.

So, erm... don't. :)

Link to post
Share on other sites
wild2475

wild2475

Posted
Posted
Having previously been called "paranoid" and a "tin-hat conspiracy theorist" when explaining my choice of not buying FM12 due to Steam, I would like to underline that I take no joy in the current situation and hope everyone's details are found to be secure. I find some of the twisting people are doing in this thread in order to make their point- on BOTH pro and anti sides of the argument- remarkable.

Personally, I am more concerned with where this puts SI & Sega. They're in a really difficult position, but I do feel that their lack of statement reflects poorly on them.

Had FM12 not been Steam-only, nobody would have a valid argument that SI or Sega should do or say anything about it- they would have every right to direct people's complaints and problems to Valve. It's not an FM12 problem, and, in fairness, I highly doubt SI know a great deal more about the current situation than anyone else. It would fall entirely on Valve's shoulders, and Valve's public image. That's not the case. The decision was taken to exclusively use Steam, so Steam is now an essential part of FM12. In taking that decision, SI told its customer base to trust Valve- particularly those who had never used it before for whatever reason and may have required some convincing. Some didn't, many did. However, in asking for that trust, the other side of that coin is that they must also take a share- not necessarily the lion's share, but a share nonetheless- of responsibility when that trust is broken. The simple fact is that if FM12 weren't Steam-only, a portion of unknown size of its userbase would not have to worry about being affected by this situation at all. For that reason, for their own good, SI need to come out, hold their hands up and acknowledge that.

This is a good point, by making every single user of the game go via Steam I'm afraid SI/Sega will be judged by Steams standards and if they have issues, security breach, insolvency, etc then it reflects on SI/Sega as well.

That's the problem in going via a completely stand alone 3rd party company, you can't control them, they can offer promises and service level agreements and what not but you cannot control what they do or how they conduct their business.

So when something like this happens, instead of it being a Valve only issue it is now a SI/Sega issue.

I understand the need to secure the game as best as possible but yet again the decision makingprocess (in my opionion) is a PR mess.

Link to post
Share on other sites
Loversleaper

Loversleaper

Posted
Posted
Of course that's possible, as is the possibility your email account or ISP account or Amazon details (or any other place you bought online) etc, etc will be hacked tomorrow, that's if your car doesn't get stolen today (with your laptop in it) your house broken into tonight and your rare breed of dog kidnapped while you're distracted by somebody mugging your wife:D

If you knew how I lived my life then that is basically not possible, but regardless - this is a whole other ball game when you tell us to rely on some 3rd party software to guard our info when they clearly can't. Come to my house you have to fight for your life, not this "oh, I am so sorry that we lost all your details" crap.

Right now I am a long way away from home, if I have to cancel my credit card, I'm screwed. If I lost it - fair enough - you do it for me your going to have to accept that you are going to get told off...

I'm sorry but to label Valve 'incompetent software developers' is an absolute joke and really shows have naive you're being in an attempt to put your point across.

And as we always state with people who state that everything "could have been avoided by using more intelligent and creative ways of preventing piracy" - if you have a way then please do let us know because we've tried quite a lot in the past and it seems we're damned if we do and damned if we don't.

One word, accessability. This is how you fight those guys, the harder you make people to play the game the more you will drive them the other way - but you make a game everyone can easily enjoy the less likely people will find the need to. Not everyone wants to be a pirate through free will, if you don't understand that then you might as well give up on any faith in human behavior...

Link to post
Share on other sites
IMT

IMT

Posted
Posted
I'm sorry but to label Valve 'incompetent software developers' is an absolute joke and really shows have naive you're being in an attempt to put your point across.

And as we always state with people who state that everything "could have been avoided by using more intelligent and creative ways of preventing piracy" - if you have a way then please do let us know because we've tried quite a lot in the past and it seems we're damned if we do and damned if we don't.

Only this year it still didn't work and now endless people have problems. If SI don't admit this year was a total balls up, I would debate buying any of their products in the future.

Link to post
Share on other sites
Wakers

Wakers

Posted
Posted

The thing is - a company can take every known precaution against hacking and it still won't be safe.

If the CIA and various other national intelligence surveys are prone to hackers, then what chance does a normal business like Steam have? That's the problem with relying on internet based solutions.

It's a bad, bad idea to make a game exclusive to Steam - not because the guys at Steam don't know what they're doing, but just because of the nature of the internet and how far behind security is in terms of complexity compared to the means available to people to break it.

Link to post
Share on other sites
Kriss

Kriss

Posted
Posted

Time to close this as it's back to the same old same old:( I hope some of the advice given was helpful to some people.

If you actually do still have issues then you should take them up with Steam, regardless of people finding any stick they can to beat SI with this is Steam's baby and it's from them that the answers have to come.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...