Steam hackers compromise users' credit card details

[Detective Shadzter]

Steam hackers compromise users' credit card details

Valve boss Gabe Newell issues apologetic statement

Steam has been hacked and users' personal details, including credit card information, emails and passwords, have been compromised following a breach of the Steam forums last weekend.

Valve boss Gabe Newell has issued an official statement confirming the security breach.

There has apparently been no evidence of credit card fraud as a result of the breach, but all users will be required to change their passwords for the Steam forums.

Steam accounts, seperate from the forums, will not be forced to change passwords, but it is advised.

Here's the full statement from Newell:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

http://www.computera...t-card-details/

The 2011 hacks continue. I'm not a PC gamer and I don't have a Steam account, so it doesn't affect me, but I thought I should bring it to the attention of everyone here. I hope no one's credit card details have been taken and misused. I also hope the hackers are found and brought to justice.

[Badnik Mechanic]

The 2011 hacks continue. I'm not a PC gamer and I don't have a Steam account

Neither am I....

... and then I remembered I played Portal 2 on my PS3.. So I do technically have one... yet I've no clue what the password for it was or how I ever use it... joys... more problems.

[Noir]

I can't be mad at Gabe.

Sure can't wait for my free games.

[Silencer226]

Gabe is on the job right now.

Anyway... off to change my password and delete my CC... again.

Edited November 11, 2011 by Silencer226

[#EndyGate]

This is why I illegally download everything.

[Diz]

Oh, bleh. Good thing I saw this topic. Time to go change my Steam account password.

Dem daemn hackors. =/

[Sean Gunnery]

If this interupts me downloading Skyrim tonight than there will be hell to pay.

[krazystitch]

Thanks for the heads up! I just finished changing my password just to be safe. Hopefully they catch these hackers and give us stuff

[novelty]

This is why I illegally download everything.

[Jetronic]

*cracks knuckles*

Someone's gonna have their asses kicked, I've already changed my password and my info isn't really saved.

[voice]

Quite sad that this is one of the safest ways to get games today.

I don't think that can be a sole reason for torrenting games. From what I understand the main argument for doing so is because of overly intrusive DRM schemes big game publishers have until recently been pushing, namely of the constant online-boot if you lose your internet variety. I have no problem with Steam as a DRM, it hasn't been a problem for me yet, but anyways back on topic...

I've done the necessary steps of changing my password and removing any card details, I will need to keep a closer eye on my card transactions for a bit which is a pain in the ass. I'm lead to believe by what I'm reading that if you had Steam Guard enabled your Steam account shouldn't be compromised unless you used the same password for both your Steam and email account. As an added bonus, on GMail you can enable two-factor authentication in which you login and they send you a text or cellular call with a code you can enter to complete the process.

There has been some discussion about "Why is Valve getting such a pass on this when Sony received the full angry fury of the gamer nerdom?" and the simple answer is that Valve was fairly upfront with this and didn't wait over a week to let everyone know their details had been compromised, along with that I'm sure we'll receive a voucher for a free game as that seems to be the standard procedure for this (maybe some good luck for you folks that have powerful enough computers but couldn't afford Generations? ) Valve has been pretty good to us PC gamers and I think they understand pissing us off isn't going to do them any favors.

Edited November 11, 2011 by voice

[Candescence]

There has been some discussion about "Why is Valve getting such a pass on this when Sony received the full angry fury of the gamer nerdom?" and the simple answer is that Valve was fairly upfront with this and didn't wait over a week to let everyone know their details had been compromised, along with that I'm sure we'll receive a voucher for a free game as that seems to be the standard procedure for this (maybe some good luck for you folks that have powerful enough computers but couldn't afford Generations?

You hit the nail right on the head, my friend. Valve sees games as a 'service', and a good service keeps its customers happy. And really... Valve are pretty good at making a solid, satisfying digital gaming service. Steam used to be kinda shit. Now it's pretty much one of the two best digital distribution stores/game client, aside from GOG.

[Forest_GS]

This is the reason I always delete my credit card info from any online website after I use it.

And yes I do use Steam.

And no I'm not going to get skyrim, blew this week's game money on Generations.

[Badnik Mechanic]

There has been some discussion about "Why is Valve getting such a pass on this when Sony received the full angry fury of the gamer nerdom?" and the simple answer is that Valve was fairly upfront with this and didn't wait over a week to let everyone know their details had been compromised, along with that I'm sure we'll receive a voucher for a free game as that seems to be the standard procedure for

Have they?

The intrusion occured last Sunday... thats 4 days if you don't include the actual day that the incident occured on. Thats only 2 less than when Sony finally let everyone know what happened.

Secondly, other than the message on steam and the "Pstt Pass it on" method of distributing has anyone who uses steam actually recieved an email about this telling them what happened? Only according to the thread on NeoGaf, they've not sent and are not sending out emails to anyone about the hack, they're relying completely on people logging into Steam for the message and people sending the message out via word of mouth.

Those people who have Steam link Via the Portal 2 PS3 link, have they been told yet if they need to change their stuff? Nope, not heard a thing over here.

I don't exactly think that Valve are being the shining example of what a company should do at the moment, the very least they should be doing is emailing everyone who has a steam account which is the standard practice for stuff like this, not putting a message on the website and hoping that everyone will read it.

Don't get me wrong I'm not blaming Valve for steam being hacked, but I think at the very least they should be emailing the people on their database.

[voice]

Have they?

The intrusion occured last Sunday... thats 4 days if you don't include the actual day that the incident occured on. Thats only 2 less than when Sony finally let everyone know what happened.

Secondly, other than the message on steam and the "Pstt Pass it on" method of distributing has anyone who uses steam actually recieved an email about this telling them what happened? Only according to the thread on NeoGaf, they've not sent and are not sending out emails to anyone about the hack, they're relying completely on people logging into Steam for the message and people sending the message out via word of mouth.

Those people who have Steam link Via the Portal 2 PS3 link, have they been told yet if they need to change their stuff? Nope, not heard a thing over here.

I don't exactly think that Valve are being the shining example of what a company should do at the moment, the very least they should be doing is emailing everyone who has a steam account which is the standard practice for stuff like this, not putting a message on the website and hoping that everyone will read it.

Don't get me wrong I'm not blaming Valve for steam being hacked, but I think at the very least they should be emailing the people on their database.

If I recall correctly, Sony tried to play down their incident and there were multiple excuses given until Sony finally came out and said they got hacked. Admittedly I have not seen an email from Valve on the subject but keep in mind the PC gaming community runs a bit differently than console gaming communities, word tends to travel faster. I myself learned about the incident in no less than 3 different locations in about 4 hours time.

[PSI Wind]

Gonna have to change my password, but otherwise, nothing was stolen because I have yet to buy anything on Steam.

[Swiss]

Remember hackers:

[voice]

Remember hackers:

I see your video and counter with the true details of how Steam got hacked:

[TheGerkuman]

Wait... so people actually use the same password for steam and the steam forums? That's not terribly sensible.

[gato]

I don't remember ever using the Steam forums, but eh, I'll change my pass anyway.

I guess I'll also delete my card info...

Just when I finally got the thing to work and was downloading Generations. (hope nothing gets affected but I'll remain pessimistic :u )

Thanks for the info!

Edited November 11, 2011 by Octavia

[Dobkeratops]

Since the double standard topic has been covered by Hogs and my password has been changed ~just in case~, I have but only one thing to add to this thread:

free dotas pls

[Phantomime]

So, when I booted up my computer tonight I got a message from Gabe on the Steam news about the hack. At least they're being good about it and admitting it.

EDIT: Well, I went to remove my payment info, but it seems it had already been auto-cleared. So anyone who set Steam to remember their payment info shouldn't have as much to worry about, thankfully.

Edited November 11, 2011 by PHaNTOS

[krazystitch]

My credit card info is gone too. Looks like they got rid of all of them just in case of anything. Good on them for taking safety precautions like that.

[Jetronic]

This popped up when I signed into steam today, an update from the steam hacking a few months ago.

Edit : http://store.steampowered.com/news/?headlines=1&feed=steam_announce#

Edited February 11, 2012 by Jetronic