Atomic Systems

quickthorn wrote:On Saturday, I had a couple of emails from Steam, sending me a code to change my password..

This is an automated message generated by Steam account administration to help you reset your Steam password.

Please enter the following code into the 'Verification Code' field of the 'Forgotten Password' dialog. (Enter the code exactly as written. You can use copy/paste operations to enter the code):

Code: Select all

Please also enter the *answer* to the following question into the 'Secret Answer' field of the same dialog:

[secret question]

IMPORTANT: Please do not reply to this message to attempt to reset your password -- that won't work. You must enter the above information into the Steam application.

The Steam Support Team
http://www.steampowered.com 

[/quote]

The thing is, I didn't ask to reset my password. Has anyone else had this?

I never joined Steam forums, and generally play offline. I just logged in now with no problems, and made a genuine request to change my password, which worked.[/quote]

You can just ignore this, if you haven't requested it yourself, then someone is trying to be a funny . and change your password by just entering your username and hitting the forgotten password option, as I mentioned in a earlier post, unless your email account is breached and they have physical access to your computer its not possible for anyone to gain access to your account with steam safeguard enabled.

...


I somewhat wish this whole steam forum hacking attempt was not blown out of scale than what it really is. Steam forums are ran on a vbulletin software which requires completely seperate username and password, yes the attempt did manage to hit a database which stored personal data, but the information on that database was HASHED AND SALTED level encryption.

Hashed and Salted encryption is a means of breaking down personal information into random code and bits, the earlier versions used 12 bits and created a bare minimal of 3000 bit combinations to even get it correct, nowadays there is 128bit which can yield 5000+ bit combinations and is likely to be at that level or even higher on steam's servers.

What this means is, any attempt to actually try and crack those passwords requires a vast amount of computer and harddrive space, something in the range of 100 or more hard drives with computers processing and calcuating data to t ry and find the right combination. This is why I said that a small group of hackers, which is very likely what it is to hit a mere vbulletin forum would not have the resources or power to do anything with the data they got ahold of.

So the chances of actually getting and using personal data is extremely low, keeping a vigilant look on ones bank account as per one would usually do and reporting to bank if there is any unauthorized attempts is all you need to do.

I would point out to anyone who is making a purchase on steam that they never keep the box checked for "keep details for further purchases", I have never had ot ticked after a purchase, I don't want my information stored and nor should anyone else, its quite easy to just re type information and it also prevents sticky situations when you might just click through the buying process and forgot your card got renewed and the some details changed.

So folks, you need to stop worrying about this, hacking attempts like this are nothing new, its just become "big news" because Steam's name is on the news posts, also to point out, it was the FORUM and not Steam's main account server which got hacked into and taken down. The forum, vbulletin run software and which has SEPERATE username and password from your main steam account got hacked, so unless your putting your credit card details in as a password, with the above about hashed and salted passwords, and it all being seperate there is such a low chance of anything happening that its just unbelievably silly to start panicking over this or throwing up some kind of boycott against steam.

I'd also point out that steam and using a website store which uses SSL security are no different from each other and no matter how many security checks or means you go through internet shopping and personal data will never be 100% safe, there will always be the risk of having personal data stolen somewhere and is the same as in a brick and mortar shop aswell and well honestly you can't run in the mindset that its not safe to put your personal details in anywhere otherwise you would never buy anything and be some paranoid wreck.

crumplezone wrote:I somewhat wish this whole steam forum hacking attempt was not blown out of scale ...

crumplezone wrote:

quickthorn wrote:On Saturday, I had a couple of emails from Steam, sending me a code to change my password..

This is an automated message generated by Steam account administration to help you reset your Steam password.

Please enter the following code into the 'Verification Code' field of the 'Forgotten Password' dialog. (Enter the code exactly as written. You can use copy/paste operations to enter the code):

Code: Select all

Please also enter the *answer* to the following question into the 'Secret Answer' field of the same dialog:

[secret question]

IMPORTANT: Please do not reply to this message to attempt to reset your password -- that won't work. You must enter the above information into the Steam application.

The Steam Support Team
http://www.steampowered.com 

[/quote]

The thing is, I didn't ask to reset my password. Has anyone else had this?

I never joined Steam forums, and generally play offline. I just logged in now with no problems, and made a genuine request to change my password, which worked.[/quote]

You can just ignore this, if you haven't requested it yourself, then someone is trying to be a funny . and change your password by just entering your username and hitting the forgotten password option, as I mentioned in a earlier post, unless your email account is breached and they have physical access to your computer its not possible for anyone to gain access to your account with steam safeguard enabled.[/quote]

I would just like to point out that you would still get the email to verify the password change even if you had Steamgaurd disabled, essential what Steamgaurd is for is to prevent access to your steam account through the steam client on a more than 1 computer unless you authorize it by a code that is sent to your email, I have it disabled on my account as I quite regularly use another computer for accessing my steam account(or my son does on his laptop), essentially the existing password has to be known by the person who is accessing steam on the other computer, so unless you are in the habit of sharing the password with complete strangers it is quite safe to have Steamguard disabled!  :wink:

davejc64 wrote:... so unless you are in the habit of sharing the password with complete strangers it is quite safe to have Steamguard disabled!

transadelaide wrote:

davejc64 wrote:... so unless you are in the habit of sharing the password with complete strangers it is quite safe to have Steamguard disabled!

I'm sure this was a typo and that you really meant to say "it is quite convenient" to ignore security features, not safe.

chrisiveson wrote:... the only issue I have since we got TS 2012 is the relationship with RailDriver, and RSC have kindly told me it's not their problem.

Chris. ( happy enough with Steam, not quite so happy with RSC though. )

Leaf85 wrote:One reminder tip with regards to emails; never ever clic the links in the email even if the email looks legitimate. I recommend going directly to the official site (don't clic the site link in an email either as there can be a redirect to a bogus site) to do anything with your account(s). Bogus emails with intent on relieving you of your games, cc info, personal info etc have become more prolific in the last few years, particularily in the world of MMO's (EVE, World of Warcraft, EverQuest to name a few) as there is a lot of money to be made illegally by those scammers. This isn't to make anyone paranoid, but to remind us that those scams exist and niche or not we should still be aware of what we do to keep our past-time secure.

Kind regards,
Dave