Steam Forums Apparently Hacked
polycounter lvl 7
http://kotaku.com/5856975/steam-forums-apparently-hacked
"The Steam User's Forums and the Steam service account passwords are separate, but some users might use the same handles and passwords across both. If that pertains to you, it might be a good idea to change your Steam account password. And pronto."
"The Steam User's Forums and the Steam service account passwords are separate, but some users might use the same handles and passwords across both. If that pertains to you, it might be a good idea to change your Steam account password. And pronto."
Replies
Speculation:
There will be cake
...Wow, really? O.O
I'm pretty sure valve values security on their steam service a thousand times higher than their forum.
:P
I'm sure you're right though. Gonna change my password just to be safe though.
If you use the same password on steam as you use on other places or the steam forums then do, or if you believe your password might have been compromised in some way on your own computer.
It's highly likely that lots of people use the same password on the steam forums as they do on steam or even their own mail, which is the bad thing, but then again, it's a good thing you can't delete your own game, so the worst they'll be able to do with a compromised account is buy you games.
And if you have secure login activated on your steam they wouldn't even be able to login from anywhere but authorized computers.
Otherwise I would rate steam login information being compromised as being as plausible and horrifying as being the pc worlds own apocalypse:P
besides using the same PW on forums as you use for email, steam, or anything else that could give up personal info or cost you money is pretty stupid.
if you use the same PW for everything even if it is a hard PW to crack, it means everything you registered to is only as safe as a weakest link among all the services you use.
though wondering how, it was done, since if it was some exploit in vbulletin it could soon hit other sites, since a hell of a lot of professional or corporate sites run either vbulletin of ip board for there forums.
It sucks that what I used at steams forums is by far my most used one, out of only a few passes.
...or, y'know, they could log into your account and access VAC secured servers while using obvious cheats, getting you irreversibly banned. And then you're out several hundred dollars worth of software without ever having done anything wrong. A single-player only license of TF2, Borderlands, etc... pretty useless. And without any way to get it back, pretty damn maddening.
Make sure the two are not related at all, as the odds of the former being discovered are much, much higher (often no https, plus they're often idiotic with their security. When lifehacker got hacked, it turned out they only encrypted --poorly-- the first 8 characters of any password, making the more secure passwords... less secure. Wtf).
In this case size does matter
True, but that often happens without steam or steam forums getting hacked in any way, people need to be more careful with their computer and where they use their password.
If account information on steam was compromised, I don't think the first thing they would do would be to be extra vigilant to ban cheaters, they'd most likely lock down and change passwords for everyone the moment they knew.
edit: as per your link, the difference between asdf and A5_f is 22.8 HOURS. And that's for an extremely short one.
No worries, my passwords are pretty insane and for the most part unique per site.
Just pointing to that article which says in addition to at least one letter, number, and symbol (which forces a brute force password cracker to use the full character set) the length of the password will then determine it's actual strength, as in average time/effort before being cracked.
So for those that have a hard time remembering a random mishmash of characters, numbers, and symbols, just make something unique and easy to remember then make up a easy to remember padding of some sort to fill it out up to the max allowed by the system.
"Valve has revealed that hackers have gained access to the Steam database and have pulled a variety of information. A statement from Gabe Newell reads in part: 'Dear Steam Users and Steam Forum Users, Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums. We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating. We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."