Steam Database (possibly) was Hacked

Anything Steam or Source related! Show your off your SDK work, mods, etc here, found a fun SourceMod? Post about it here as well!

Moderator: Moderators

Post Reply
Fusion
Gametoast Staff
Gametoast Staff
Posts: 2551
Joined: Sat Jun 24, 2006 4:16 pm

Steam Database (possibly) was Hacked

Post by Fusion »

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
I really hope all of these database intruders love how very close they are to creating some sort of cyber police and draconian internet laws.

Edit: This email has only reached a few people. It may be the hackers themselves sending it or a complete hoax to prey upon recent fears. It could also be real, so be cautious.
User avatar
Nihillo
Master Bounty Hunter
Master Bounty Hunter
Posts: 1548
Joined: Sun Jan 04, 2009 9:53 pm
Location: Brazil

Re: Steam Database (possibly) was Hacked

Post by Nihillo »

I recall reading a statement from Valve from earlier this year, where they said that they were taking all of those attacks very seriously and they were analysing the best way to deal with it, just in case it happened to them. Well, apparently those measures did nothing at all.

If that's what really happened, then I'm kind of disappointed on them; I guess there isn't much you can do to protect your stuff on the internet, someone will always crack the code, still, we shouldn't just accept this as a reality of life.
Fusion
Gametoast Staff
Gametoast Staff
Posts: 2551
Joined: Sat Jun 24, 2006 4:16 pm

Re: Steam Database (possibly) was Hacked

Post by Fusion »

I just got this message in the Steam updates/ads thing when I restarted. I advise that everyone changes their password.

I doubt the CC info will be compromised, because it would literally take years to break into hashed and salted passwords.
Fingerfood
Sith
Sith
Posts: 1262
Joined: Fri Nov 30, 2007 9:40 pm

Re: Steam Database (possibly) was Hacked

Post by Fingerfood »

It's also on the Steam Forums. http://forums.steampowered.com/forums/

I might change my password. Not too worried though.
Moving_Target
Master Bounty Hunter
Master Bounty Hunter
Posts: 1670
Joined: Sat Oct 22, 2005 10:16 pm
Location: Here

Re: Steam Database (possibly) was Hacked

Post by Moving_Target »

I feel sorry for Gabe. I changed my pass when I heard it was just a rumor and I delete my CC etc info once I'm done making a purchase so I should be good.
THEWULFMAN
Space Ranger
Posts: 5557
Joined: Tue Aug 17, 2010 3:30 pm
Projects :: Evolved 2
Location: Columbus, Ohio
Contact:

Re: Steam Database (possibly) was Hacked

Post by THEWULFMAN »

I don't have a CC so I'm good. I may change my password, as it's the same one I use on 70% of the sites I have accounts on. Including here on GT. :runaway:
Grev
Hoth Battle Chief
Hoth Battle Chief
Posts: 3132
Joined: Sun Dec 09, 2007 11:45 pm
Projects :: No Mod project currently.
Games I'm Playing :: Minecraft
Location: A Certain Box Canyon

Re: Steam Database (possibly) was Hacked

Post by Grev »

Some good advice floating around the internet:

Steam->Settings->Account->Manage Steam Guard->Keep my account protected and deauthorize all other computers. Better safe than sorry.
Moving_Target
Master Bounty Hunter
Master Bounty Hunter
Posts: 1670
Joined: Sat Oct 22, 2005 10:16 pm
Location: Here

Re: Steam Database (possibly) was Hacked

Post by Moving_Target »

Forums are back, but I haven't read any update on the event. Which may be what Valve wants.
Twilight_Warrior
Droid Pilot Assassin
Droid Pilot Assassin
Posts: 2002
Joined: Sat Nov 15, 2008 1:57 pm
xbox live or psn: ScorchRaserik

Re: Steam Database (possibly) was Hacked

Post by Twilight_Warrior »

Update today
http://store.steampowered.com/news/7323/
Gaben wrote:Dear Steam Users and Steam Forum Users:

We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe
Moving_Target
Master Bounty Hunter
Master Bounty Hunter
Posts: 1670
Joined: Sat Oct 22, 2005 10:16 pm
Location: Here

Re: Steam Database (possibly) was Hacked

Post by Moving_Target »

I'm very happy and pleased that Gabe gave an update.
Caleb1117
2008 Most Original Avatar
Posts: 3096
Joined: Sun Aug 20, 2006 5:55 pm
Projects :: No Mod project currently.
xbox live or psn: No gamertag set
Location: X-Fire: caleb1117 ಠ_ಠ

Re: Steam Database (possibly) was Hacked

Post by Caleb1117 »

I've heard that the encryption algorithm for your credit cards on steam is the same method used by the US government for our nuclear launch codes, so I figure we're pretty save.

Good to know they're still investigating though.
User avatar
guru
Jawa Admin
Jawa Admin
Posts: 2390
Joined: Thu Oct 14, 2004 8:45 pm
Projects :: swbf 1 vanilla
Games I'm Playing :: any mobile rpg

Re: Steam Database (possibly) was Hacked

Post by guru »

I heard its Encrypted using m5d which is as safe and encrypted as using 111 as your password
Marth8880
Resistance Leader
Posts: 5042
Joined: Tue Feb 09, 2010 8:43 pm
Projects :: DI2 + Psychosis
Games I'm Playing :: Silent Hill 2
xbox live or psn: Marth8880
Location: Edinburgh, UK
Contact:

Re: Steam Database (possibly) was Hacked

Post by Marth8880 »

guru wrote:I heard its Encrypted using m5d which is as safe and encrypted as using 111 as your password
MD5 hash? Haven't there been several cases where that's been cracked with ease?
Twilight_Warrior
Droid Pilot Assassin
Droid Pilot Assassin
Posts: 2002
Joined: Sat Nov 15, 2008 1:57 pm
xbox live or psn: ScorchRaserik

Re: Steam Database (possibly) was Hacked

Post by Twilight_Warrior »

Marth8880 wrote:
guru wrote:I heard its Encrypted using m5d which is as safe and encrypted as using 111 as your password
MD5 hash? Haven't there been several cases where that's been cracked with ease?
Considering you can Google "Md5 encryption" and the first five search results are free encryptors/decryptors, and the fact that md5 hasn't been used legitimately since a fatal flaw was found in 2004, I'm almost positive that's a lie and Steam protects credit card info better.
Marth8880
Resistance Leader
Posts: 5042
Joined: Tue Feb 09, 2010 8:43 pm
Projects :: DI2 + Psychosis
Games I'm Playing :: Silent Hill 2
xbox live or psn: Marth8880
Location: Edinburgh, UK
Contact:

Re: Steam Database (possibly) was Hacked

Post by Marth8880 »

Twilight_Warrior wrote:
Marth8880 wrote:
guru wrote:I heard its Encrypted using m5d which is as safe and encrypted as using 111 as your password
MD5 hash? Haven't there been several cases where that's been cracked with ease?
Considering you can Google "Md5 encryption" and the first five search results are free encryptors/decryptors, and the fact that md5 hasn't been used legitimately since a fatal flaw was found in 2004, I'm almost positive that's a lie and Steam protects credit card info better.
Heh, I've actually had one of those pages bookmarked since 2010. :P
User avatar
guru
Jawa Admin
Jawa Admin
Posts: 2390
Joined: Thu Oct 14, 2004 8:45 pm
Projects :: swbf 1 vanilla
Games I'm Playing :: any mobile rpg

Re: Steam Database (possibly) was Hacked

Post by guru »

Yup I use them daily. Anyhow yea someone who took down Sony network told me that's what steam uses but that's not official or from me ;)
Post Reply