Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We dont have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldnt be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
crap. There needs to be Steam gift cards - that's how I handle all my playstation store purchases now.
I'll settle for having forgiveness if my account is VAC banned because of some shithead hacker.
Valve brushes off people who get hacked with "you are required to maintain security of your account", and while I think the world of them as a studio, their Steam customer support response when THEY are hacked and it's THEIR fault had better not be the same rehashed excuse.
crap. There needs to be Steam gift cards - that's how I handle all my playstation store purchases now.
Word, I see many cards for Korean/Japanese based studios MMO's in your common grocery store everyday, why they can't do the same for Steam is beyond me.
Buy a 120$ card, put it in Steam and voila, done. I can buy two release date games and maybe a indie game or two.
at least in germany you can use prepaid cards for steam. forgot the name of the service, but it's defo possible.
on topic: so far nothing has been lost apart from some email adresses. the card info and passwords are all encrypted and the database was only opened not entirely copied (as it seems right now).
i think more interesting than the actual technical question is the question who'd have an interest in hacking valve. my impression was that the online community always loved valve.
i think more interesting than the actual technical question is the question who'd have an interest in hacking valve. my impression was that the online community always loved valve.
Anybody that wanted to establish "street cred" as a serious black hat. Valve is a hardened high-profile target, and to anybody looking to build serious paying customers for a malware business (botnet, fraud exploits, targeted attacks for clients, etc), proving you can crack hard targets would draw in enough interest to make other illicit endeavors profitable.
My hunch is that somebody is field-testing an attack method they're going to employ in the extremely near future on a more serious target.
I readed this in steam this night, and i was shocked because i have my master card linked with them.
BTW, I buy too many games in steam (just the good offers), but lately i prefer to buy them in retail shops like zavvi. A game is sold in steam for 50 €, when we find the same game (retail) for 12 €. That's what i call a robbery.
A game is sold in steam for 50 , when we find the same game (retail) for 12
Strangely that's the case for relatively old games here too. I bought Mass Effect for about 6$(10 TL) 2 weeks ago(I can't afford to buy the newest games) in a retail shop while it is being sold for 20$ in Steam.
Strangely that's the case for relatively old games here too. I bought Mass Effect for about 6$(10 TL) 2 weeks ago(I can't afford to buy the newest games) in a retail shop while it is being sold for 20$ in Steam.
I hope you don't have any problems with your card
i hope so hehe
These are some of the games i bought in this year. I'm still waiting to receive Sonic Generations, Assassin's Creed Brotherhood and Revelation limited edition.
BF3 for example, 36 euro, crysis 2, deux ex human revolution, red faction armageddon, etc.. 12 euros. And all these games are of this year.
In contrast to me, my friends prefers to piracy all, and waste the money on hardware, and not cheap one, but the most expensive and hardcore.
Steam should drop their prices... their offers are a shame compared to what we can get in retail version with steam works.
Steam should drop their prices... their offers are a shame compared to what we can get in retail version with steam works.
Looks to me that they only really focus on the US prices - new game prices are typically the same on Steam as they are in shops - $59. The fact that they don't have to package & ship games means they probably don't have to worry about competition from physical shops.
I saw this coming the day they said that PSN and Steam accounts would be linked. Luckily I never saved my credit card information when I bought from Steam. Hopefully nobody gets seriously affected..
Looks to me that they only really focus on the US prices - new game prices are typically the same on Steam as they are in shops - $59. The fact that they don't have to package & ship games means they probably don't have to worry about competition from physical shops.
That's not true, because we can find sonic generations for 15 euros at zavvi, and in steam is for 30 euros, the double!.
Rage was before launch at 29,95 euros, and in steam, omg! 50 euros!.
There are too many retailers selling the same games with better prices, much better. What they do in Europe, it's a robbery, outrageous.
Looks to me that they only really focus on the US prices - new game prices are typically the same on Steam as they are in shops - $59. The fact that they don't have to package & ship games means they probably don't have to worry about competition from physical shops.
Publishers set the prices though, not valve, even though valve might suggest or insist smaller prices on things.
Retailers wont stock a certain game if they knew a publisher was undercutting them on steam, and retail is still in a sense needed.
Steam sales still beat the hell out of anything, even if prices normally are higher than retail.
And how did they figure out the root password for the server was "gaben" !?
I got a call from my bank this morning telling me about $1000 had been charged to my Credit Card in France between last night and this morning. I'm getting a new CC and am not liable for anything, thankfully. Of course, I can't say with certainty that the breach came from steam, but the coincidence is compelling.
Note: I live in the United States and have never been to France.
Or the slight chance that his cc has been compromised elsewhere, hard to know.
I mean, even with the possibility that cc information has been compromised, it was actually encrypted, how long would it take to bruteforce this encryption?
Or the slight chance that his cc has been compromised elsewhere, hard to know.
I mean, even with the possibility that cc information has been compromised, it was actually encrypted, how long would it take to bruteforce this encryption?
On the other hand, credit card numbers are in fact just that. Numbers. No upper- or lowercase, no special characters, no letters. Which would, I guess, make the decryption faster and more probable. Sure, its a long chain of numbers but still. But thats just me guessing, i don't know..
i have started buying retail games after nearly a decade of steam use, prices are too high, download speeds are too inconsistent, support is fucking terrible.
i have started buying retail games after nearly a decade of steam use, prices are too high, download speeds are too inconsistent, support is fucking terrible.
what happened gabe, what happened
But the christmas sales make up for that
But yea, there have been better times for steam, in terms of dl speed and support.
I buy full price games through amazon uk and if there is some cool discount event, i buy it through steam.
But yea, there have been better times for steam, in terms of dl speed and support.
I buy full price games through amazon uk and if there is some cool discount event, i buy it through steam.
Depends highly on the distribution servers though, but I guess high quality should be demanded all around for all the content servers. Up here in the frozen north I've always been lucky with high quality content servers, usually in the several megabytes/sec.
Replies
I'll settle for having forgiveness if my account is VAC banned because of some shithead hacker.
Valve brushes off people who get hacked with "you are required to maintain security of your account", and while I think the world of them as a studio, their Steam customer support response when THEY are hacked and it's THEIR fault had better not be the same rehashed excuse.
Word, I see many cards for Korean/Japanese based studios MMO's in your common grocery store everyday, why they can't do the same for Steam is beyond me.
Buy a 120$ card, put it in Steam and voila, done. I can buy two release date games and maybe a indie game or two.
on topic: so far nothing has been lost apart from some email adresses. the card info and passwords are all encrypted and the database was only opened not entirely copied (as it seems right now).
i think more interesting than the actual technical question is the question who'd have an interest in hacking valve. my impression was that the online community always loved valve.
Anybody that wanted to establish "street cred" as a serious black hat. Valve is a hardened high-profile target, and to anybody looking to build serious paying customers for a malware business (botnet, fraud exploits, targeted attacks for clients, etc), proving you can crack hard targets would draw in enough interest to make other illicit endeavors profitable.
My hunch is that somebody is field-testing an attack method they're going to employ in the extremely near future on a more serious target.
Wouldn't storebought Visa/American Express gift cards work for that?
Sweet! Maybe they'll hack into Chase and Bank of America and shut them down from within.
BTW, I buy too many games in steam (just the good offers), but lately i prefer to buy them in retail shops like zavvi. A game is sold in steam for 50 €, when we find the same game (retail) for 12 €. That's what i call a robbery.
With 100 euro you can buy more than 7 games...
Strangely that's the case for relatively old games here too. I bought Mass Effect for about 6$(10 TL) 2 weeks ago(I can't afford to buy the newest games) in a retail shop while it is being sold for 20$ in Steam.
I hope you don't have any problems with your card
i hope so hehe
These are some of the games i bought in this year. I'm still waiting to receive Sonic Generations, Assassin's Creed Brotherhood and Revelation limited edition.
BF3 for example, 36 euro, crysis 2, deux ex human revolution, red faction armageddon, etc.. 12 euros. And all these games are of this year.
In contrast to me, my friends prefers to piracy all, and waste the money on hardware, and not cheap one, but the most expensive and hardcore.
Steam should drop their prices... their offers are a shame compared to what we can get in retail version with steam works.
Looks to me that they only really focus on the US prices - new game prices are typically the same on Steam as they are in shops - $59. The fact that they don't have to package & ship games means they probably don't have to worry about competition from physical shops.
That's not true, because we can find sonic generations for 15 euros at zavvi, and in steam is for 30 euros, the double!.
Rage was before launch at 29,95 euros, and in steam, omg! 50 euros!.
There are too many retailers selling the same games with better prices, much better. What they do in Europe, it's a robbery, outrageous.
Publishers set the prices though, not valve, even though valve might suggest or insist smaller prices on things.
Retailers wont stock a certain game if they knew a publisher was undercutting them on steam, and retail is still in a sense needed.
Steam sales still beat the hell out of anything, even if prices normally are higher than retail.
And how did they figure out the root password for the server was "gaben" !?
http://forums.steampowered.com/forums/showthread.php?t=2226073&page=14
maybe lies to create panic?
Or the slight chance that his cc has been compromised elsewhere, hard to know.
I mean, even with the possibility that cc information has been compromised, it was actually encrypted, how long would it take to bruteforce this encryption?
On the other hand, credit card numbers are in fact just that. Numbers. No upper- or lowercase, no special characters, no letters. Which would, I guess, make the decryption faster and more probable. Sure, its a long chain of numbers but still. But thats just me guessing, i don't know..
what happened gabe, what happened
But the christmas sales make up for that
But yea, there have been better times for steam, in terms of dl speed and support.
I buy full price games through amazon uk and if there is some cool discount event, i buy it through steam.
Depends highly on the distribution servers though, but I guess high quality should be demanded all around for all the content servers. Up here in the frozen north I've always been lucky with high quality content servers, usually in the several megabytes/sec.