STEAM hacked

[Cigol]

Apparently.

Go go gadget password changer...

oh wait, that's me... every, single, month, it seems like. Although it should be said there's supposedly no cause for panic.

http://www.eurogamer.net/articles/2011-11-10-valve-confirms-steam-security-breach

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

[Nappi]

YEY!

[Sno]

Ah fuck, i have to change a few passwords because of this.

God dammit.

[Forbin]

Ah fuck, i have to change a few passwords because of this.

God dammit.

hashed and salted. I wouldn't bother.

[Moosferatu]

Perhaps they should teach Sony that trick.

[Sno]

hashed and salted. I wouldn't bother.

Whatever, i already did it, it's something i needed to do anyways.

[elmuerte]

I'm glad I've always used PayPal to pay for Steam games.

Also, my new credit card is already on it's way because it expires in a month. Hurray for me.

Anyway... this is the second large vBulletin forum I hear being hacked. And as far as I know they also use the 3.x version instead of the shitty 4.x version. I hope vBulletin releases a security fix for the 3.x versions.

[Kolzig]

Ahh damnit...

And in password change I get all the time today "Steam cannot currently process your request. Please try again later."

Is every Steam user in the world trying to change their passwords at the same time?

[Cigol]

hashed and salted. I wouldn't bother.

Does that include everything, username and email for example?

It seems with STEAM Guard enabled and a 2-step verification email like gmail that your STEAM account isn't really hackable either so that's a bonus, or weight off your (my) mind.

[Ben X]

I can't even find the 'forgotten your password?' button.

[Tanukitsune]

I've always used Paypal, so I'm not worrying either, but I know some spoiled brat will demand compensation, even though it's just the forums that are down and you can still access the games and they were open about it and did everything right.

I also can't help to notice that it happened close to such important release dates, which makes my inner paranoid think it was done on purpose.

[Thompson]

I think this is telling:

That link, by the way, is this.

[Kolzig]

In the end I managed to change the password late last night just to be sure.

Also I noticed that they had removed the card details from Steam, my credit card details are no longer saved there. From now on I shall be using just Paypal in Steam and possibly getting a VISA Electron for net purchases due to an interesting discussion I had with a friend who is much more paranoid about internet and personal details than me.

The Steam Guard is a good thing, I believe that helps already a lot that nobody can hijack your account. I've had that working since they introduced it.

[Erkki]

I've never had a physical credit card, I use virtual VISA credit cards that are valid for only 40 days and have a limit that I set. I don't know if that's commonly offered by banks elsewhere, only one bank offers it here. They become active immediately when I order it from my online bank.

[elmuerte]

That would be interesting. But also difficult, because I would have to remember my credit card info again every 40 days.

[Erkki]

That would be interesting. But also difficult, because I would have to remember my credit card info again every 40 days.

I assume you meant re-enter not remember? Anyway, I've been doing it at least since 2005 and it's not that much of a hassle to do it every 40 days (or less often as you probably don't need a crediit card every day). It's also really more of a debit card masquerading as credit card because no actual credit is involved.

[elmuerte]

No I meant remember. I know all numbers of my creditcard (including the cvc and expiration time). I don't like having that information stored anywhere except my brain and the card.

[MrHoatzin]

Huh, this could be why my bank randomly sent me a new card last week with an oblique message that A MAJOR RETAILER somewhere out there SUSPECTS some information may have been compromised. They couldn't tell me who, tho, because MasterCard didn't tell the bank who it was.