Giant Bomb News

156 Comments

Valve Admits Steam Intrusion, No Current Evidence of Fraud

Just to be safe, you might want to change your password.

Steam's message boards were compromised Sunday, and it's been investigating since.

It’s one thing when a message board gets compromised; it’s quite another when it’s one of the most popular services amongst PC users.

An unidentified user or group of users gained access to the Steam message boards on Sunday, and subsequently “obtained access to a Steam database in addition to the forums,” the company said today.

The statement, signed by founder Gabe Newell, claims the company has found no evidence of credit card fraud, but recommends that users monitor their financial accounts closely. Even if you didn’t have an account on the Steam message boards, Valve recommends changing your password.

“I am truly sorry this happened, and I apologize for the inconvenience,” said Newell.

Users accessed “a Steam database in addition to the forums” that had user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information. There is currently no evidence the credit card information has been decrypted, and Valve is “still investigating.”

Only a few message board accounts were reportedly compromised, and they “do not know of any compromised Steam accounts” at this time.

Basically, change your password. If Valve issues further updates, I’ll let you know.

Patrick Klepek on Google+

deactivated-5e60061752a57

Good call in blowing the horn on this before everyone dove into Skyrim.

w00ties

@BisonHero said:

@Ares42 said:

Hmm, went to change password and got "Steam cannot process your request" error repeatedly =/

I believe it gives you that error even if their servers are fine, but you're typing in your password incorrectly.

Yes. I typed in the wrong password a few times and got "Steam cannot process your request" and was told to try again later. I realized that I was trying an extremely old (and unused) password, but once I realized what my current password was it let me in immediately.

platzkart

Oh man some fuckers are getting introduced to Gabe's knife collection tonight.

coakroach

What kind of dick attacks Steam?

fistfulofmetal

I can't figure out how to change my password...

Ben_H

I use Paypal for Steam purchases, but I changed my password anyway just to be safe. I have 155 games and I don't want to risk it. I have never used the Steam forum anyway.

Dezinus

I admit, my steam password was pretty weak anyway. About time I changed that.

Ravenlight

@Brian333 said:

!@#@U#!@#*!#%*!#@(@#!*(&*@*@@10_**&^%@!&!

That seems like a pretty secure password

Monkeyman04

@Fistfulofmetal: You go into the Steam client and then go to Steam settings and on the first tab there is a button to change password. I'm sure there is another way, but that's the way I changed mine.

fistfulofmetal

@Monkeyman04:

Ah... I was trying to do it on the Steam website. Thanks.

deactivated-5e49e9175da37

If it was any other company people would be losing their shit.
 
Valve (and Steam more accurately) has won complete infallibility not by making great games, and not by creating a good platform for games... but because they sold people a bunch of good games for like 2 fucking dollars.  THAT'S the real reason people have a Steam boner.

Krenor

@Enigma777 said:

Hey guys, remember when Sony got hacked and people were saying this would never happen to a "proper" service like Steam?

Yeah and it hasn't happened yet, remember unlike Steam, Sony did not encrypt any of the passwords.

MikkaQ

It's not even letting me change my password and says the service is unavailable. Way to give me a near-heart-attack and then sustain the tension. I can't deal with this shit, I already went through the PS3 debacle.

platzkart

@Brodehouse said:

If it was any other company people would be losing their shit. Valve (and Steam more accurately) has won complete infallibility not by making great games, and not by creating a good platform for games... but because they sold people a bunch of good games for like 2 fucking dollars. THAT'S the real reason people have a Steam boner.

Oh cool dude thanks for letting me know why I have the opinions I have.

Because I have been fucking mystified up to now.

Clonedzero

Changed my password. Made sure credit card info wasn't saved. Made sure Steam Guard is on.

Well, that's all I can do really. Hopefully it's not too bad for people, myself included.

Brackynews

@coakroach said:

What kind of dick attacks Steam?

The kind that wants active and recent account information of four million users that like to buy things.

So, professional dicks. :(

Rekt_Hed
@Vitor said:

http://www.eurogamer.net/articles/2011-11-10-valve-confirms-steam-security-breach

According to Eurogamer, they stole a lot more than just forum stuff.

Possible Credit Card info leaked amongst other things.

Thank god I've never saved my credit card info on Steam. Been so tempted a number of times to save some hassle but after my PS3 incident at least this hack means I won't have to get a new credit card again.

Hackers ffs Valve has got to be the one games company out of all of them that doesn't deserve to be hacked the most.

If this is still for the lulz then I'm pretty sure you've failed cause it's just not funny.

penguindust

They sent an email with a security code when I tried to log in. I changed mine, too. I don't want a repeat of the trouble I had from my Microsoft account getting hacked.

fram

I'm at work at the moment, so I don't have access to the Steam client. I can't seem to find a way to change my password through the browser. I can log in, delete my saved credit card info, but no password change option?

Anyone have any ideas?

tourgen

great. time to start checking my CC account online daily because yet another CC processor can't keep their systems secure.

white

If only I could change my credit card number with a form like my password.

Enigma777

@Krenor said:

@Enigma777 said:

Hey guys, remember when Sony got hacked and people were saying this would never happen to a "proper" service like Steam?

Yeah and it hasn't happened yet, remember unlike Steam, Sony did not encrypt any of the passwords.

Somehow I doubt that's going to stop the hackers.

jmfinamore

@Brodehouse said:

If it was any other company people would be losing their shit. Valve (and Steam more accurately) has won complete infallibility not by making great games, and not by creating a good platform for games... but because they sold people a bunch of good games for like 2 fucking dollars. THAT'S the real reason people have a Steam boner.

This is kinda true, the first part anyway. Let's be honest, if this happened to Origin, people would be going nuts.

nights

Sweet, it says my password can't be changed.

N7
@HarlequinRiot said:

@Brodehouse said:

If it was any other company people would be losing their shit. Valve (and Steam more accurately) has won complete infallibility not by making great games, and not by creating a good platform for games... but because they sold people a bunch of good games for like 2 fucking dollars. THAT'S the real reason people have a Steam boner.

This is kinda true, the first part anyway. Let's be honest, if this happened to Origin, people would be going nuts.

People don't really even need a reason to hate Origin at this point. It's like the step-child among programs. Because it exists, people hate it.

vitor

@EndrzGame said:

@Vitor said:

http://www.eurogamer.net/articles/2011-11-10-valve-confirms-steam-security-breach

According to Eurogamer, they stole a lot more than just forum stuff.

Possible Credit Card info leaked amongst other things.

What Eurogamer is reporting is the same that GB and all the other web sites are reporting.

Point me to the section in the GB article where it comments on the unofficial internal memo Gabe sent round Valve suggesting that credit card information was also accessed.

GS_Dan

But the hackers are standing up for consumer liberty, right guys?

...guys?

2HeadedNinja

@Brodehouse said:

If it was any other company people would be losing their shit. Valve (and Steam more accurately) has won complete infallibility not by making great games, and not by creating a good platform for games... but because they sold people a bunch of good games for like 2 fucking dollars. THAT'S the real reason people have a Steam boner.

People don't like steam because of 2 dollar games but because steam offers great customer service. Discounts are just a part of that.

korwin

@coakroach said:

What kind of dick attacks Steam?

Organized Crime. The contents of that database are worth a lot of money.

lego_my_eggo

@Krenor said:

@Enigma777 said:

Hey guys, remember when Sony got hacked and people were saying this would never happen to a "proper" service like Steam?

Yeah and it hasn't happened yet, remember unlike Steam, Sony did not encrypt any of the passwords.

Based on what Patrick posted they have a similar setup to what Sony had, encrypted credit card info and hashed passwords. Either way I'm sure our Steam accounts are safe.

Swick

This alarmist sentiment on most of these headlines is a bit misleading. Most are saying something like, Security Breach -- Password and Credit Card Information Stolen. While that's technically true, it's still encrypted information, which is usually explained in the body of the article.

I appreciate that Giantbomb stated the facts up front. Well done once again.

EndrzGame

@Vitor said:

@EndrzGame said:

@Vitor said:

http://www.eurogamer.net/articles/2011-11-10-valve-confirms-steam-security-breach

According to Eurogamer, they stole a lot more than just forum stuff.

Possible Credit Card info leaked amongst other things.

What Eurogamer is reporting is the same that GB and all the other web sites are reporting.

Point me to the section in the GB article where it comments on the unofficial internal memo Gabe sent round Valve suggesting that credit card information was also accessed.

"Users accessed “a Steam database in addition to the forums” that had user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information. There is currently no evidence the credit card information has been decrypted, and Valve is “still investigating.”

It's in that tricky 5th paragraph. It wasn't an 'unofficial internal memo'. That's verbatim word for word the message you receive as soon as you log into Steam or try to access the forums.

deactivated-589cf9e3c287e

@Swick: Whatever, someone spent $92.50 of my money on Red Kings poker. I personally would love to thank Giant Bomb for telling me this. Otherwise, what else could've been stolen?

whatthegeek

A couple months back, there was a chargeback on my Steam account due to an error on Paypal's part. When attempting to get the issue resolved with Steam support, I received conflicting advice from different reps, and at least one of them felt completely comfortable talking down to me as though I were a thief, despite the hundreds of dollars worth of transactions that went off without a hitch. My account was suspended.... twice, despite the fact that I did everything they asked of me.

Personally, I'm going to treat them with the same dignity and respect they treated me with when I had an issue that wasn't directly my fault. Hey Valve, get it fixed. There's no excuse for this - even though it's not your fault, you certainly deserve to be raked over the coals for it. Sure, it's not like you hacked your own service, but come on - you were asking for it, and this is clearly your fault. I expect you to take measures to protect my credit card information, and my identity. If you don't, I'll stop spending money with you. Even if you do, I still might stop doing business with you on a whim.

Alright, in case it was lost on anyone, that was (mostly) sarcasm. /Still, a company that demands their customers follow every rule to the letter without any allowance for exceptions, and special circumstances should expect nothing other than ire when something like this happens to them.

Ley_Lines

I used paypal, so I should be fine, right?

Video_Game_King

Well, it seems that not buying anything on Steam has finally paid off. Now if only I could get my Steam library under control.

BisonHero

@w00ties said:

@BisonHero said:

@Ares42 said:

Hmm, went to change password and got "Steam cannot process your request" error repeatedly =/

I believe it gives you that error even if their servers are fine, but you're typing in your password incorrectly.

Yes. I typed in the wrong password a few times and got "Steam cannot process your request" and was told to try again later. I realized that I was trying an extremely old (and unused) password, but once I realized what my current password was it let me in immediately.

Yeah, I also did exactly what you just described. It's a very misleading error message.

tebbit
@Parsnip
Well, at least it's hashed and encrypted, unlike PSN was.
But PSN was hashed and encrypted.

Swick

@c0l0nelp0c0rn1: I'm sorry to hear that. What else could have been stolen? Well, lots. But whether anybody cares is a different story. My comment was intended to highlight that Giantbomb stuck to the complete truth rather than going for a bigger headline.

Subjugation
hashed and salted passwords

That made me hungry.

Dustpan

Changed my password right after this happened.

Stubee
@Shmio yep, and Half Life episode 3

koobz

@Subjugation said:

hashed and salted passwords

That made me hungry.

Me too :'(

MordeaniisChaos

@Ares42 said:

Hmm, went to change password and got "Steam cannot process your request" error repeatedly =/

You can thank Bethesda for that one.

AhmadMetallic
@GS_Dan said:

But the hackers are standing up for consumer liberty, right guys?

...guys?

'fcourse

vhold

Password changed. Just do it.

TheMasterDS

Sounds like it's not likely my password was in there, I'm not gonna bother changing it. What's the worst that can happen?

Zithe

How about companies stop storing my fucking credit card information? I always go in and remove it when I am able to (can't figure out how on Steam). My security is way more important to me than my ability to buy something in one or two clicks. It shouldn't even be legal for them to remember that shit.

Edit: Well I figured out how to remove my card but I guess it's too bad I didn't find this before.