Important! Steam forums 'Possibly' Hacked..

[Easilyconfused]

Locked whilst I sort a thing or two out. No bad motive - just need to get a sticky running without additional posts.

OK - I made a sticky thread in here and the Steam Help forum.

Unlocking this one now for continued discussion since the sticky threads are locked for replies. However, don't use this as an excuse to wage war on the forums about getting RS.Com to abandon Steam. Any such posts should be sent by email to the support address at RS.Com. Posting here will not have any effect on their company policy I suspect even if it makes you feel better.

Personally - I will continue to use Steam despite this issue since I have a bunch of other games bought via the downloads.

[crumplezone]

Feels like aload of scaremongering and abit of trying to bash Valve's image to be honest. I'm also not really surprised the steam forums got comprimised, vbulletin is what the run in and that forum software hasn't been secure for years and each code release contains more security holes than the past. I also wouldn't even consider this much of a big issue, its certainly not on the scale of Sony's hacked database back beginning of this year and the forums were shutdown and put into maintaince mode pretty quickly, so Valve as a company was on the ball, plus they released information after 4days saying some information from a database possibly linked the forum might have had information taken, but after working days they not seen any comprimised steam accounts (nore should they unless the user is stupid enough to have password and username for forum and steam account the same and have steamguard off aswell as there email account hacked) and they not seen any evidence of people having there money swiped.

It doesn't feel like a organised hacker group out for criminal intent, yes what they done is still criminal, but it seems more along the lines of the group earlier this year LULZ corp rather than something much bigger or more threatening. Anyone who keeps a vigilance over there computer and bank account shouldn't be quick on the ball to notice any issues, I'd also think if it was a big group of hackers alot of reports would be flooding in of hundreds of $/£/whatever currency you use dissapearing to odd payments they never made by now. Hackers know once they comprimise a database they have to use that information ASAP since the security measures I assume which detected the hacking attempt would kick in and start sending out warnings, so even if they did get access to personal information they have to act within hours to get use out of it.

I also know this from personally experiencing debit card fraud in beginning of last year, my bank red flagged the tractions in a hour and phoned me, I confirmed they were fraudalent and the card was voided, any sensible person has this kind of level of security from there bank. Also the news of the hacking hasn't stopped me from purchasing nore am I going to go into panic mode over it.

Unless someone physically has access to my computer, hacked my email account and knows both password and username, there really isn't anything they can do with my account. All changes to account get a confirmation email, so as said, if the email isn't hacked there shouldn't be a problem.

[chrisiveson]

click to enlarge

[AndyM77]

Personally - I will continue to use Steam despite this issue since I have a bunch of other games bought via the downloads.

Exactly, Steam is about as secure as everything else when it comes to online purchases. I continued to use Steam after the CyberCafe incident of 2007 ( http://www.bit-tech.net/news/bits/2007/ ... o_stolen/1 ) and subsequently the guy was caught in '08 ( http://www.itexaminer.com/PCs/tabid/75/ ... acker.aspx ) and will continue to do so.

The thing that I do not do is allow Steam to save my purchase information. Granted, it may still be floating about somewhere in Cyberspace but even if it reduces the chances of anything happening by 0000.1% then at least I've tried to do something about it.

There should be the Thanksgiving sale in about 10days time too, and I'm certain that there will be some bargains then that I want to get my hands on.

[crumplezone]

Forgot in my last post, I'll stress the point of scaremongering again because the information they got password wise in locked under hashed and salted password level encryption which is unbelievably difficult to crack, it should be similar case for the encrypted credit card details. If its a small group of hackers, which seems to be what its pointing at considering they aimed at only the forums, then they are very unlikely to have the knowledge of tools nessessary to crack open the level of encryption the files are reportly under.

I'd also consider with how quick Valve has been to give information to the steam community that they are pretty confident with the situation and its not spiraling out of control and won't be a repeat of what happened to Sony. I think the announcement thread is fine, but discuss value there isn't much else to go on besides rampart speculation and scaremongering, even if anyone from here was unfortunate enough to have been effected by it, here on these forums would not be the correct place to voice concerns or go on a vigilanty spree trying to convince RS.com to leave steam.

Considering this is first major attempt of hacking steam's databases in the years its been open and successful for, I'd tick that off as another reason for believing in steam's security and not jumping off the deep end and pitchfolking steam or valve.

[styckx]

Meh. Not worried. Just another day on the internet.

[TransportSteve]

Thanks for posting the message from Steam, I wouldn't have read it otherwise, I don't go on their forum generally, full of blinking kids who think they know more about PC games than I've had hot dinners.....Bah.

Cheerz. Transport Steve.

[220389]

Im not worried at all by it as trust steam and wasn't trying to bash it. Just thought would be helpful to post on here that is all.

Unlike the PSN disaster they have encrypition on passwords and credit card details etc.

Chris

[ihavenonamenoreallyidont]

Meh. Not worried. Just another day on the internet.

Where's that +like, +1, thumbs-up button?

[styckx]

Just adding some information here, and advice. Reading around I see some going into panic mode when it isn't really anything to panic about. (imo)

There are two ways this hack *may* affect you.

#1. The hackers have a Super Computer on hand and crack AES256 Salted encryption and get a hold of CC info and your login and password. More importantly your CC info. This is easy to monitor and get money back from any fraudulent charges.

#2. Sadly, the more likely scenario. You recycle passwords. Ie: The same password you used on the Steam forum is also the same password you use for online banking, email, Paypal, etc etc. Vbulletin stores this stuff differently than Steam itself does. Ie: Easy peezy getting to stuff. Ie: Email, login, password.

Anyone who recycles passwords should really consider stopping. Yes, it may add an extra 5 minutes to your day to change them. There is a handy dandy and well respected app that can not only manage all your passwords but also create very complicated randomly generated ones for you also. It is called KeePass and you should read about it and get in the habit of using it.

More information here: http://www.google.com/m/url?ei=mzy9TrDR ... 3ONMF_N6sA

Last but not least. You stand a chance of this happening anywhere. From Steam, Paypal, Your Bank, or the biscuits shop down the street. When a business swipes your card it is electronically sent to a processing facility to do all the banking portion of the transaction and then send the approval message back to the business. They can, and have been hacked also. You are always, no matter what, at risk. If RSC setup a in house store. Yep, that would stand just as much of a chance of being hacked as anything else. Again, the risk will always be there unless you cancel all credit and debit cards and go offline permanently.

[crazyfrogbro]

steam forums hacked? The end of the world because it not happens every day even OFFLINE! Or does it? Yes of course.
I never use those fancy net credit cards, because they aren't secure, and the banks even want more yearly fee for it. If i need, is just transfer some money to my paypal, and purchasing from steam with that. And of course i use keepass, with very strong generated passwords. Good luck for hacking those

[TheTazman]

Stunning to think that with all this technology in this world this can still happen.

Very dissapointed that this has happened.

[styckx]

It can happen anywhere. Hopefully Gabe fires the IT administration. Stuff like this is usually the result of shoddy and lazy network administrators. Reading security sites is a depressing affair. So many stories of companies informed of a hole in security that could be breached and years later it is still there. Then there are the cases that someone reports a security problem with a website and the company sues that person for damages and then still never fixes the problem. This happens everyday. Heck Sony was warned prior to their hack and did nothing until it was finally just hacked. Again, lazy IT work.

[tofwings]

Not only this, but my Xbox Live acc was hacked yesterday, 2000 MS points used to purchase Fifa addons..(i dont even have the game )
Contacted MS and my acc is now suspended for possibly 30 days, ( guilty until proven innocent )
My point is, that its happening everywhere, to a lot of people ...Changing passwords on a regular basis is good advice, but there are just times when, doesn't matter what you do, stuff happens ,

I have been with steam since its inception , and see no reason as yet to stop.

Brian.

ps..Looks like RW and Skyrim will take a bashing in the next 30 days

[theokus]

How do I change my password with Steam.
I did read a LOT of bla bla but I cann't find how to do it.