Steam user database compromised, Newell addresses Steam users

[Deleted_171835]

Spoiler

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

Source

Glad I activated Steam Guard. All those annoying emails were worth it.

 

[Nujui]

Didn't know they went that far.

Haven't really log into steam for sometime, better do it now.

 

[8BitWalugi]

Am I the only one that's getting really fucking pissed off by these hacks?

 

[jamesaa]

Ah crap, so that's why the forum has been down for the last few days.

Better go change some passwords, and check my card statements.

At least I still have steam guard, and my email password is nothing like my Steam password so my account should be safe.

 

[Heran Bago]

Hilarious! Good thing I use a unique password for Steam of anything that could conceivably be tied to a card or account!

 

[Xuphor]

Glad I was banned from steam years ago, and never used any real information anyway.

 

[Prof. 9]

Am I the only one that's getting really fucking pissed off by these hacks?

I'm pissed they keep letting themselves get hacked.

 

[MarkDarkness]

That's what you get for buying games "legitimately". Not only you don't own the game, you still have your confidential data handled by idiots who will get their asses pwned by someone. Don't know why ever ever choose to trust that shit Steam... I have officially stopped buying from it and removed my personal information from it permanently.

 

[chyyran]

God, how did this happen?

Anyways, Gabe Newell is one of the few people in corporate that I respect, he has the guts and courage to come out and admit that something bad has happened, and to apologize for something that was not his fault.

Good thing I have never bought a paid game on Steam?

 

[Deleted-236924]

Good thing I never bought any games on Steam.

 

[Thesolcity]

Oh fuck

 

[Deleted_171835]

You guys do realize that your passwords were "hashed and salted" and that the credit card numbers were encrypted.

Your personal information hasn't necessarily been accessed yet which is why it's in your best interest to change your password now.

 

[junkerde]

wat about all the games i registered! ALL OF THEM ARE GONNA GET HACKED AND I WONT BE ABLE TO GET THEM??? (changes password) no more panic hahahaha (next day credit card number stolen, dies)

 

[baramos]

Sounds like they followed good security practices as far as keeping some things encrypted, in different databases, not storing clear text passwords etc.. The fact is no software or firewall is perfect never will be with the modern complexities and any system is potentially at risk as long it is online or comes in contact with anything that has been on a machine that is online like a usb stick, no matter how much you spend just ask the US government . But you can follow smart practices like they did to reduce the harm done if a breach does occur as they did. Just change your password sounds like its no big deal at least they actually told us what was up unlike with our pals Sony who took forever. I never got much from steam just a few gifts from friends is it but hearing there security practices makes more personally more confident in purchasing from them in the the future I'll prob hit up there Christmas sale this year.

 

[injected11]

wat about all the games i registered! ALL OF THEM ARE GONNA GET HACKED AND I WONT BE ABLE TO GET THEM??? (changes password) no more panic hahahaha (next day credit card number stolen, dies)

(Unchecks the "save credit card info" box on checkout screen)
Well that was a hard problem to solve...

Steam took proper precautions to ensure they couldn't get their hands on usable data, and informed us of what happened much quicker than other companies have in the past. People need to read the statement and understand what it says before they start bitching and moaning over something that will have no effect on them at all.

 

[deathking]

As a gesture of goodwill gabe should give out a free game or credit
steam needs better security.

 

[junkerde]

wat about all the games i registered! ALL OF THEM ARE GONNA GET HACKED AND I WONT BE ABLE TO GET THEM??? (changes password) no more panic hahahaha (next day credit card number stolen, dies)

(Unchecks the "save credit card info" box on checkout screen)
Well that was a hard problem to solve...

Steam took proper precautions to ensure they couldn't get their hands on usable data, and informed us of what happened much quicker than other companies have in the past. People need to read the statement and understand what it says before they start bitching and moaning over something that will have no effect on them at all.

(reads quote, still dies.)

 

[The Milkman]

Looks like steam pulled a Sony
-ta-ta-ta-dum.

 

[MarkDarkness]

wat about all the games i registered! ALL OF THEM ARE GONNA GET HACKED AND I WONT BE ABLE TO GET THEM??? (changes password) no more panic hahahaha (next day credit card number stolen, dies)

(Unchecks the "save credit card info" box on checkout screen)
Well that was a hard problem to solve...

Steam took proper precautions to ensure they couldn't get their hands on usable data, and informed us of what happened much quicker than other companies have in the past. People need to read the statement and understand what it says before they start bitching and moaning over something that will have no effect on them at all.

You speak as if you knew the grade of the encryption used. Encryption != everything is fine. Credit card data, in any state, is the highest form of security breach.

 

[Deleted-236924]

As a gesture of goodwill gabe should give out a free game or credit
steam needs better security.

Steam giving out a free game = Steam giving out free Skyrim almost on release.

In other words, it won't happen.