6 replies to this topic

[IMG News]

Valve recently alerted users to an intrusion into the forums and a database for its Steam online sales service. A variety of user information including names, passwords, billing addresses, and encrypted credit card information was accessed by the intruders.

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

For more information follow the links below.

Return to Full Article - InsideMacGames News

[nagromme]

It’s been a while, so I forget: you don’t have to have your credit card on file with them, do you?

I have bought from them by credit card, but if allowing that card # to be stored for future is optional, then I would have declined the option!

Luckily, I use unique passwords for every friggin’ thing... PITA though it is

Morgan

[Matt Diamond]

Correct. I don't store my credit card with them either. Of course that assumes they don't do anything stupid like store the details I use when I DO buy something.

There are a few sites I trust that I do have a card on file with, and I'm starting to think even that's a mistake. The more trusted the site, the juicier a target they make for the hackers.

[nagromme]

Yeah. Credit cards in general need to get with the times! One-time-use codes, please.

[rhywun]

I'm pretty cynical about all this. I think most computer security measures are overcomplicated and ineffective too - if people want in, they'll get in. The effective solution here is to pay attention to your monthly bills and take action if necessary.

[alldaveallen]

rhywun, on 12 November 2011 - 11:30 PM, said:

I'm pretty cynical about all this. I think most computer security measures are overcomplicated and ineffective too - if people want in, they'll get in. The effective solution here is to pay attention to your monthly bills and take action if necessary.

Im pretty sure they got mine, based on some sketchy activity over this past weekend. $4.89 to "IM GAMED.COM LLC" which a quick Google search will reveal is a long-standing scam. The steam thing explains.

[Matt Diamond]

alldaveallen, on 14 November 2011 - 10:09 AM, said:

Im pretty sure they got mine, based on some sketchy activity over this past weekend. $4.89 to "IM GAMED.COM LLC" which a quick Google search will reveal is a long-standing scam. The steam thing explains.

Or they got your credit card info a while ago. As I understand it, credit card numbers stolen en masse by hackers get bought and sold just like email addresses do. The people doing the hacking generally don't use the numbers themselves, but rather, sell them on the black market to brokers or scammers like IM GAMED. So it often takes a while before they actually get used.

I'd guess that if we start to see widespread reports of Steam users getting hit with the same scam, then yes, it may have been due to the Steam break-in. If not, then I'd put it down to coincidence. I'm sure Valve would like to know the answer, but it doesn't much matter from your point of view. Either way you should cancel that card.