Search forums

Forums

Export thread

Steam Has Been Hacked

Nov 10, 2011#1

figmentPez

Steam forums taken offline following possible security breach

No details yet on exactly what information has been compromised, but if you used the same password on the Steam forums as you did anywhere else (especially your Steam account) make sure to change your passwords immediately.

EDIT: Steam itself has been hacked, but it's still not clear just how much was stolen. More details as the story progresses.

Nov 10, 2011#2

Tress

This is why every site gets a different password. I'm more concerned about the possibility of credit card info being stolen.

Nov 10, 2011#3

Disconnected

I've never been on the Steam forums. Hooray!

Nov 10, 2011#4

Covar

Not just the Steam forums, the hackers got into the main Steam database.
Full Story by Ars

Gabe Newell's response/apology:

Dear Steam Users and Steam Forum Users,
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.

Nov 10, 2011#5

Disconnected

You turned my smile upside down

I want some free stuff now.

Nov 10, 2011#6

Jay

Click Steam in the Systray
Go to Settings
Manage Steam Guard Account Security...
De-authorize all other computers now
Better to play it safe.

Nov 10, 2011#7

Jay

Also make sure to change password.

Check your credit card every day... and hope you didn't buy shit from Origin... or else you fucked son.

Nov 10, 2011#8

Hailey Knight

I don't even have Steam installed since I had to reformat...

But I think the last time I bought anything was before the PSN hacking, so they should just have my old card. But I think I'll change info anyway.

I don't think I even remember the password.

Nov 10, 2011#9

bhamv3

Try to change my password, "Steam cannot currently process your request."

I guess lots of people are trying to change their passwords.

Nov 10, 2011#10

figmentPez

bhamv3 said:
Try to change my password, "Steam cannot currently process your request."

I guess lots of people are trying to change their passwords.

Or they shut that down because it's compromised in some way, and all the people who already changed their passwords are the ones that are screwed.

/paranoid.

Nov 10, 2011#11

Hailey Knight

I just changed mine and it went through fine.

Nov 10, 2011#12

bhamv3

Yeah, I just tried again and it worked.

Whew.

Nov 10, 2011#13

Jay

As long as you followed what I wrote above, they'll absolutely need to respond to the confirmation e-mail you'll receive if you try to access this from another PC.

The only thing I'm apprehensive about is the credit card information... if that has been compromised, then the shit will hit the fan.

Nov 10, 2011#14

bhamv3

To be honest, I'm surprised it took this long for Steam to be cracked. Surely people have been digging away at it for a while.

Nov 11, 2011#15

@Li3n

I wonder, do they keep my card's info even if i tell them not to remember it for next time?...

Nov 11, 2011#16

Dei

Jay said:
As long as you followed what I wrote above, they'll absolutely need to respond to the confirmation e-mail you'll receive if you try to access this from another PC.

The only thing I'm apprehensive about is the credit card information... if that has been compromised, then the shit will hit the fan.

Kind of glad that the movie theater near me got it's shit stolen, so now all Steam has is my canceled card, and I don't even need to think about it... until I want to buy something new.

Nov 11, 2011#17

rathkor

Yeah, I just got my card replaced to. Lucky me. Is Valve giving us free stuff?

Nov 11, 2011#18

figmentPez

rathkor said:
Is Valve giving us free stuff?

I haven't heard anything yet, but I'm callling: Commemorative Hat in TF2

Nov 12, 2011#19

rathkor

figmentPez said:
I haven't heard anything yet, but I'm callling: Commemorative Hat in TF2

By wearing the hat, you just tell the world, "Look at me! I got hacked and all I got was this shitty fake hat!"

Nov 12, 2011#20

Hailey Knight

rathkor said:
Yeah, I just got my card replaced to. Lucky me. Is Valve giving us free stuff?

I'm guessing that since we're still able to play games on Steam, we won't be getting anything. When Sony got hacked, PSN went down entirely--zero functionality. Valve's kept the service going this whole time.

Nov 12, 2011#21

figmentPez

Nerf Now #624

Nov 14, 2011#22

Allen who is Quiet

I think ejaculating is completely the wrong reaction to finding out about Steam getting hacked.

Nov 14, 2011#23

Dave

This is the only good thing about being totally broke. The card I use is pre-pay only and only has a few bucks on it at any given time. I changed my password anyway, but there's no money to be gotten from me.

Feb 10, 2012#24

figmentPez

Message from Gabe to Steam Community
2012_02_10

Dear Steam Users and Steam Forum Users:

We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe

In short, the hackers got encrypted credit card numbers, but not Steam passwords. It's still not known if they've broken the encryption.

Feb 10, 2012#25

Covar

I once again want to state how much I love their transparency in this.

As opposed to some other companies behavior:

Forums