Steam's Database Hacked, Info Possibly Stolen
Sunday Valve's Steam platform was accessed by hackers who may have run off with the personal information of all registered users, including credit card numbers.
Valve Software's Gabe Newell sent out a message to all Steam users around an hour ago warning about a hack into the database and the possible theft of personal information. Here's the entire message:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
- Valve,
- Steam ,
- Hacking ,
- Gabe-Newell ,
- Database ,
- Credit-Card
- Happy Birthday Firefox, You're Now 7 Years Old!
- Nvidia Releases New Battlefield 3, Skyrim Beta Drivers
- Desktop Vendors Not Keen on Using Chrome OS
- Deals Nov 10: Dell Vostro 15.6 Core i5 Aluminum $588
- HP is Now the World's Greenest IT Company
- Express Lanes to Get In and Out of the Apple Store Faster
- IBM, Samsung Fight Over Patent Leadership in the U.S.
- World of Warcraft Lost Over 1 Million Subscribers This Year
- OCZ Reveals RevoDrive 3 Max IOPS Editions
- EA President Confirms There Will Be a Battlefield 4
- Skyrim Developer Says PC Development is a Headache
- Kingston Releases SSDNow V200 Series SSDs
- MSI Offering iOS App for Overclocking GPU
- Microsoft Receives Quantum Computing Patent
- RAMCloud: The Idea of Storing All Data in RAM
- Deals Nov 11: Dell Inspiron 15 Core i3 2.53GHz $349
- Estonian Clickjacking Ring Totally Busted
- OCZ reveals the PC Power & Cooling Silencer Mk III Series PSUs
Didnt we already go through this with Sony?
Son of a gun...
Damn you EA!!!
yea but it was more like, SURPRISE WE GOT HACKED LOL!
Didnt we already go through this with Sony?
Unlike Sony, Steam's data is encrypted with AES256. These hackers actually have a better chance at getting laid than to crack the data they stole.
Didnt we already go through this with Sony?
Um... no... the got your email, and game purchase history. And billing address. Passwords and credit cards are encrypted. So... they got a whole lot of nothing.... hardly sony
hmm, I have not received an email, but I'm not part of the forum.
Now if origin had gotten hacked I am sure your credit card and account would be up for sale.
hmm, I have not received an email, but I'm not part of the forum.
I got my message when starting Steam today.
Now if origin had gotten hacked I am sure your credit card and account would be up for sale.
EA already does that job with Origin...
People mentioned this in the HardOCP thread as well. Its different for several reasons. One, Steam isn't denying/hiding it. They came forward, faster then Sony did as well btw, and admitted what happened. Two, assuming Steam isn't lying, the passwords and CC numbers were not stored as text. They (might) have the hash values or something like that, but not the numbers themselves. Hopefully. So yes it's similar to what happened with Sony in that they both got hacked, but the attitude of the companies along with how they stored data is VERY different.
[quoteDidnt we already go through this with Sony?[/quote]
sony had all the info UNENCRYPTED. steam uses 256bit AES encryption so your info is safe.
True sony did all the worng things in such a spectacular way, and this mess up is no where near that scale, however what makes me nervous though is the thought that Big companies still have a set up that allowes hackers to take all of our information, regardless if its incripted, in one trip. I thought this was the big lesson of the sony attack, dont put all your stuff in one place, dont make it so people can get everything in one go. spreading out sensitive information so no one can get all of it at once was the most important thing I got out of Sony's mess up, and I thought that it would be one of the first thing companies would fix.
Happy that its incripted this time though, at least its a move in the right direction. Sad that what I thought was one of the biggest mistakes was not thouroughly delt with. O well no ones perfect... or did I just miss the news on companies fixing this?
EA already does that job with Origin...
are you stupid?
I got my replacement credit card in the mail two days ago already. The notice was about a third party data breach, but not where the breach occurred. Now I know that as well...
are you stupid?
Come down with herpa derpies I see?
&.......this is why I'll never buy from steam
Unlike Sony, Steam's data is encrypted with AES256. These hackers actually have a better chance at getting laid than to crack the data they stole.
Willing to take a chance it's not encrypted? If I had a Steam account I would've already contacted my CC company and reported it stolen.
not again with these hacking heists
Fuck Valve
Fuck Valve
Valve is one of the FEW companies I trust... Every online database can be hacked, but it's not like they can get all your info just a click away. Valve has surely taken measures against that; unlike Sony, these people really care about providing good software.
Hmm... I only have a debit card which I use to buy crap online, including cheap Steam games. I think that for the effort those hackers deserve my $1.13 deposited on my debit card rofl!
What if some of the hacked accounts belong to some of the hackers, which they already know the credit card numbers, passwords, etc?
Wouldn't that help them crack the rest of the accounts more easily?
True sony did all the worng things in such a spectacular way, and this mess up is no where near that scale, however what makes me nervous though is the thought that Big companies still have a set up that allowes hackers to take all of our information, regardless if its incripted, in one trip. I thought this was the big lesson of the sony attack, dont put all your stuff in one place, dont make it so people can get everything in one go. spreading out sensitive information so no one can get all of it at once was the most important thing I got out of Sony's mess up, and I thought that it would be one of the first thing companies would fix.Happy that its incripted this time though, at least its a move in the right direction. Sad that what I thought was one of the biggest mistakes was not thouroughly delt with. O well no ones perfect... or did I just miss the news on companies fixing this?
im not an it person, but to me the idea of storing data seperatly seems... impractical, and even if they did, the data would still be easy enough to obtain, unless they have a way to lock it down the second they think data is being taken.
What if some of the hacked accounts belong to some of the hackers, which they already know the credit card numbers, passwords, etc?Wouldn't that help them crack the rest of the accounts more easily?
kind of... but you have to remember, they may know a few numbers and values, but they have to apply it in every area... like lets say you had a 100 mile streach of road, and you had to find one specific spot, but you only had about 1cm square to tell you where it is. yes, you can find it, but its like taking a million year task and making it 100000 years.
Unlike Sony, Steam's data is encrypted with AES256. These hackers actually have a better chance at getting laid than to crack the data they stole.
I hope they get laid. By Bubba. In prison. And it better not be a quickie.
I didn't store my credit card information on Steam because of the whole Sony fiasco. Am I still safe? What information was compromised? Just personal information? What about transactional information? The letter does say "game purchases" but what does that REALLY mean? Do the offenders know the payment information of a particular purchase, to include credit card information? I might be a bit freaked out if that was the case.
Gabe is such a great guy and you can certainly feel his sincerity at the end. My view of Valve and Steam go unscathed from this.
The hacker sure looks determined in that photo.
And I gotta say, the ski mask really makes his tie "pop".
Unlike Sony, Steam's data is encrypted with AES256. These hackers actually have a better chance at getting laid than to crack the data they stole.
Although, if they crack the data, their chances of getting laid will increase also
...
In prison!!!
Although, if they crack the data, their chances of getting laid will increase also...In prison!!!
I don't think Bubba or Antwan will care about their proxy servers :$
awww fuck me.
You know they wouldn't steal it if they couldn't get something out of it.
Gonna need a seperate set of cards / emails etc for the derpy companies I buy from.