Steam user database compromised, Newell addresses Steam users

[RupeeClock]

Dammit, have to change all my passwords again.

Can't even use punctuation, one site wouldn't accept £ in the password, another wouldn't accept !, annoying shit.

 

[Flame]

the only game i have is portal, so meh.

 

[alphamule]

Mentioning encryption, how does that work for credit cards? A previous poster said they use AES256 but I'm wondering how secure a 2048-bit public key given to them from the payment processor(card handler/bank) for their specific use is? They'd have to revoke the key with their payment processor but that shouldn't be too painful. It would require everyone to reenter their info, though. The advantage is that they encrypted card info is useless to any other vendor and definitely to any hackers.

It's also possible that every user has a unique 256-bit key sent by the payment processor using a public key to establish the 256-bit session key. This is otherwise known as SSL or variants. You setup a secure channel (key exchange using public-key) and then send any keys of specific card holders over this. I highly doubt they have this level of security, but you never know. This is of course a trade secret/patented I bet. It would be funny to see payment processors still using the rather broken SSL 3.0, though!

 

[Qtis]

http://kotaku.com/5858513/what-the-psn-outage-tells-us-about-the-steam-hack

Nice read actually. What similarities do we see?


-Qtis

 

[Gh0sti]

well i went into settings and went to change my password and it said steam is busy and cannot do it at this time

nvm i was typing in the wrong password got it changed so alls good

 

[RupeeClock]

http://kotaku.com/58...-the-steam-hack

Nice read actually. What similarities do we see?

I thought it took Sony MUCH longer to actually alert their users about the compromise? As in, Sony tried to save face by covering it up for some time... Valve were much swifter when they had realised it was not just a forum defacement.
On top of that, Sony had allegedly stored sensitive user credentials, including CC information in plain text, where as Valve hashed and salted CC numbers and passwords.

I'd still much rather trust Valve than Sony, and I still do trust Valve.

 

[ShadowSoldier]

I changed my password. I told my friend about it considering I'm using HIS credit card. I hope they get it solved soon, preferably before the launch of Arkham City. Or I'll even accept if they don't solve things in time, but we're still able to download the game.

 

[alphamule]

I'm glad to hear that everything worked out! It seems that no one lost any steam purchases or their credit card info. Still, anyone with a lick of sense is going to go order a new card and change their forum+steam passwords.

What do you think was the motive for this? Profit? Bragging rights? And BTW lulzsec aren't the only people that can do this.

 

[Zarcon]

This kind of stuff happens all the time.
The really malicious people just don't make it public that they've done so.

 

[Seyiji]

As a gesture of goodwill gabe should give out a free game or credit
steam needs better security.

Steam giving out a free game = Steam giving out free Skyrim almost on release.

In other words, it won't happen.

Portal 1 has been free twice now. Team Fortress 2 went free to play. Owners of the original Half-Life who register the key on Steam receive Blue Shift, Opposing Force, Team Fortress Classic, Counter-Strike, Deathmatch Classic, Ricochet and Day of Defeat. Not to mention the constant content updates and engine upgrades for a bunch of Valve's games. Oh yeah Valve don't give us shit!

Anyhoo I heard through the grapevine that if shit got real they are going to start giving out copies of Portal 2 and beta access to DOTA 2.

 

[Tom Bombadildo]

As a gesture of goodwill gabe should give out a free game or credit
steam needs better security.

Steam giving out a free game = Steam giving out free Skyrim almost on release.

In other words, it won't happen.

Portal 1 has been free twice now. Team Fortress 2 went free to play. Owners of the original Half-Life who register the key on Steam receive Blue Shift, Opposing Force, Team Fortress Classic, Counter-Strike, Deathmatch Classic, Ricochet and Day of Defeat. Not to mention the constant content updates and engine upgrades for a bunch of Valve's games. Oh yeah Valve don't give us shit!

Anyhoo I heard through the grapevine that if shit got real they are going to start giving out copies of Portal 2 and beta access to DOTA 2.

Proven fake. Sorry. See here: http://gbatemp.net/topic/313334-valve-offering-free-portal-2-and-dota-2/page__view__findpost__p__3970380

Anyways, that sucks but luckily I never really used Steam to much. So...yay for me?

 

[amptor]

I'm not too worried about it. I don't store my CC info in there and even if I did, it would be useless for anyone to have since the card I used on there is hardcore against people that try to steal.

I guess the only thing that would be of concern is the password to the account just so that nobody can change it.

I don't believe that any information is safe on the internet.

 

[ProtoKun7]

My password on site is different to my others, and I have Steam Guard enabled anyway.