
Steam hacked - All Steam users are advised to change their Steam passwords (Nov. 2011)

Discussion in 'Civ5 - General Discussions' started by The_J, Nov 10, 2011.

  1. spider1

    spider1 Prince

    Joined:
    Mar 29, 2006
    Messages:
    569
    I can't change my password until I get to my home computer because I can't remember the settings to my email account to set it up on this computer to RECEIVE THEIR STUPID EMAIL SUPPOSEDLY PROTECTING MY SECURITY AFTER MY ACCOUNT HAS POSSIBLY BEEN BROKEN INTO.

    This pisses me off. I was just getting to like steam until this.
     
  2. Maniacal

    Maniacal the green Napoleon

    Joined:
    Mar 13, 2005
    Messages:
    18,778
    Location:
    British Columbia, Canada
    What crazy and not easy to access set up for your e-mail are you using? I've only ever used webmail services like gmail though.
     
  3. Snoopaloop

    Snoopaloop King

    Joined:
    Jun 23, 2007
    Messages:
    607
    Thanks for the update!

    I recently had money stolen because my little cousin's Xbox was hacked (150$ worth of credits bought) and I had recently used my PayPal account to buy him some DLC so we could continue playing online together.

    Hope to not have to go through all that crap again with Steam.
     
  4. Maktaka

    Maktaka Warlord

    Joined:
    Oct 20, 2010
    Messages:
    168
    The only way you would not be vulnerable to this sort of an attack is if you were to completely abstain from any kind of online purchase. Ever. At all. For all time. Read the notice from Valve and take a look at what was stolen and whether or not that's something any other online game store (digital or a retail box) would save:

    user names (used by all online game stores), email addresses (ditto), hashed passwords (ditto), purchase history (ditto), billing addresses (ditto, and Steam makes it optional to store this) and encrypted credit card information (ditto, and also optional)

    So unless you have never purchased any game online and will never do so, you're just a hypocrite. I'll assume you're steadfastly avoiding the digital gaming revolution; to do otherwise and then make a statement like that would just be silly.
     
  5. kiwitt

    kiwitt Road to War Modder

    Joined:
    Jan 11, 2006
    Messages:
    5,561
    Location:
    Auckland, NZ (GMT+12)
    Glad I uninstalled steam and Civ 5 ages ago and never ever used my credit card with them either.

    Credit to the cfc team for spreading the word.
     
  6. Toadman2

    Toadman2 Chieftain

    Joined:
    Nov 5, 2011
    Messages:
    21
    Well it's been hacked and countless people may have been put at risk. I hate the way the computer industry has gone, all to secure MONEY. I constantly feel like I am at risk online. I do less and less business online because of this that seem to be so common and happening more frequently.

    Just sell your crap at stores!:sad:
     
  7. Camikaze

    Camikaze Administrator Administrator

    Joined:
    Dec 27, 2008
    Messages:
    27,304
    Location:
    Sydney
    Moderator Action: Toadman2's thread merged. Please confine related discussion to this thread.
     
  8. Maniacal

    Maniacal the green Napoleon

    Joined:
    Mar 13, 2005
    Messages:
    18,778
    Location:
    British Columbia, Canada
    Retail stores aren't immune from security breaches, hacker attacks or fraud either :p I'd be curious to know if it actually is happening more frequently or not, as it has always been an issue (although security systems have vastly improved over the years). Companies are definitely getting better at reporting them though, since people find out anyway and Sony received a huge amount of backlash for not coming out about getting "hacked" earlier this year (and not encrypting anything either).
     
  9. Knut_Are_M

    Knut_Are_M Prince

    Joined:
    Aug 15, 2008
    Messages:
    323
    Annoying. One of the reasons why I use a credit card with no cash on it until I put a small sum in before I pay for the goods.
    Anyway, a good tip is to change all your important passwords on a 3 month basis.
    And never ever have a lot of money on your online credit card. Just order 2 cards and move money from your main card to your online credit card each time you buy something.
     
  10. Depravo

    Depravo Siring Bastards

    Joined:
    Sep 28, 2005
    Messages:
    1,309
    Location:
    England
    I didn't get the notification posted below you either, and in any case not all of us sign into Steam on a daily basis or check the forums at all.

    They have our email addresses, why the hell they didn't send out a round robin for this of all issues is beyond me.
     
  11. Genocidicbunny

    Genocidicbunny Bug squasher

    Joined:
    Feb 5, 2005
    Messages:
    5,473
    Location:
    Orange Town
    Okay, let's set some things straight for the ignorant (cough most) people here.

    Moderator Action: As mentioned on the previous page of the thread, please do not call other members ignorant.
    Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889

    First off, the hack occurred on the Steam forums. Steam forums and Steam accounts are two separate entities. If you had two different passwords for the two accounts, there is an extremely (and I emphasize, extremely) low risk of your Steam account password being exposed. Modern encryption, especially with salting, makes it damn near impossible to crack those passwords without the key. With that being said, it is always, always a good idea to change your password after something like this, irrelevant of whether or not it affected you (on the tiny off chance that it did).

    Second: you should have had Steam Guard enabled. If you have that enabled, then you're pretty much home free. Unless you happen to use the same password for your email, in which case you're pretty screwed. Still, it's your own damned fault. Never use a weak and non-unique password for your email as you can recover access (and thus someone else can too) to most of your other accounts through your email. Anyways, Valve sent out plenty of emails, plenty of in-Steam notices about having Steam Guard enabled. If you didn't do it, well, your own damned fault.

    Third: if by some stroke of unluckiness your account was breached and there are charges being made against your account -- dispute them! First of all, make sure you're checking your card statements for the next week -- if any erroneous or fraudulent charges pop up, make sure you report them. With this being said, they are fraud charges, you can dispute them and get your money back. You will likely have to close your card or even more so the bank will likely immediately issue you a new one (and invalidate the old). Sorry, I know it sucks, but that's how it is on the Internet.

    Fourth: To all those of you who say you 'deleted' Steam -- you didn't. Their databases, just like every other internet-based company out there, still contain your info. So if you think you're safe because a month ago you stuck your head in the sand, you're quite wrong. Make sure you stay vigilant, and better yet, go log back in, change your passwords, etc. Before you go bashing Steam for keeping your data -- Google does it. Yahoo does it. Facebook does it. Hell I bet even CFC does it. From a technological standpoint, it is much more difficult to delete a database entry that is referenced in multiple places than to just invalidate it. That is how current database-driven sites work. I want to repeat, Steam is not alone in this, everybody does it. If you do not want to have your information stored and collected, go and unplug your modem, and go back under your rock.

    Finally, I want to address the 'increasing amount of data breaches'. Yes, they have increased, but only because the number of people and services online has too. In fact, I would say that as a percentage of overall activity online, they have either stayed the same or decreased. In the past, companies would rarely if ever report major data breaches such as this. It was bad PR to announce them, so they kept them under the wraps. The data was still stolen though. These days, the PR hit from not taking action right after a data breach such as this is much greater with the proliferation of internet-based media. Thus, you are in fact much more likely to hear about a major data breach, and more likely to hear about it in time to prevent your personal data being used in nefarious ways. It has gotten a lot better in the last decade. In addition, the recognition of data breaches as a major issue means there are many more ways to address them after the fact, and it is a lot easier to get some sort of compensation if for instance your bank accounts are flushed.

    So please, those of you getting your panties in a twist. You have every right to be pissed off, but little right to be pissed off at just Steam. This kind of stuff happens a lot more often than you think. You should most of all be pissed at the people who perpetrated this.

    Suit yourself. Despite this breach, I'll continue to enjoy the games Steam brings me. 80+ games and under 300$ spent on all of them. Booyah. Not to mention the myriad of other things Valve as a company does.

    Popped up on Update News for me immediately when I started Steam.


    Nobody shoved it down your throat but you. You didn't have to buy the game, but you did. Quit whining, nobody forced you.

    Right on. This man has the right idea.

    The likelihood of that is very very tiny. It is also a risk you take every time you use the internet. Not a Steam exclusive (heh-heh)

    Doesn't matter, your info is still in their database. Deleting your account merely marks it as inactive in their database.

    I'm more paranoid than most about this (ask anyone on IRC, I've been called a foil-hat-nut about privacy) but even I realize that this is not an exclusively Steam issue. So yes, all you paranoid folks were..I would not say you were wrong, but just a wee bit off on your aim. You should have been paranoid about..oh the whole Internet.

    It's a multiplayer game. Anyone that says otherwise is an eejit. Before you say otherwise, tell me, is that a Multiplayer button in the in-game menu?

    For the love of god don't use any other digital distribution platforms. The only one on the same level as Steam I would say is GOG. Everyone else is even worse about your data.

    As for the email, that's your own damned fault. It's your email, you should know how to access it.

    You more than likely won't. Now PayPal on the other hand, give them any leeway and they'll suck you dry.

    As said above, your data is still in their databases. God forbid you used the same password as for your email, because then they could get at your email, and from there, anything linked to your email is their apple.

    Nope, just being reported more often, which is a good thing. Because at least you know and can take steps to mitigate the damage versus not knowing until you've been bled dry.

    That's not a credit card, that is a debit card. If you used an actual credit card, you would be fairly bulletproof. The two are not the same. With a credit card, you have a lot more recourse as the money has not been drawn from your bank accounts, but is rather still just a debt (that you can dispute).

    Because we all know how well yelling 'Fire!' in a theatre works. They made a statement, sending out a blast email is likely to cause more PR damage. This would cause a mild panic amongst the less informed, leading to Valve's support resources being much more saturated, leaving those who are actually affected waiting longer. It's not perfect, but the pros of not sending out that blast email outweigh the cons for everyone.

    Moderator Action: As mentioned on the previous page of the thread, please do not call other members ignorant, and don't imply that they're idiots either.
    Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889
     
  12. ShunNakamura

    ShunNakamura Warlord

    Joined:
    Jul 21, 2005
    Messages:
    235
    Sadly it also means those of us who apparently had their steam glitch up on us and not display any info regarding the hack were left in the dark. Luckily, since all I have are gifted games on steam I used a toss-away password for it and there is no data really to be had.
     
  13. pontias

    pontias Warlord

    Joined:
    Jun 2, 2011
    Messages:
    132
    How do you know if you've been hacked?
     
  14. MisterBoomBoom

    MisterBoomBoom King

    Joined:
    Nov 10, 2010
    Messages:
    680
    Just a quick suggestion that has me sleeping well at night: Get yourself a Visa Gift Card ($50 or so) and use that for your credit card for any online site. IF someone does hack in and manages to steal or use your account you are out only said $50 or so bucks, don't have to jump through any hoops with your major credit card holder and you can still dispute the purchase.
     
  15. Louis XXIV

    Louis XXIV Le Roi Soleil

    Joined:
    Mar 12, 2003
    Messages:
    13,579
    Location:
    Norfolk, VA
    Well, to be fair, that system is set up to thwart the hackers. It's harder for you, but it also makes it harder for the hackers (unless they have your email password).

    It appears this was mostly directed at their forum (which I'm not registered), but I changed my password anyway, since it can't hurt.
     
  16. SuperJay

    SuperJay Bending Space and Time

    Joined:
    Sep 24, 2010
    Messages:
    3,273
    Location:
    Shacklyn
    I was logged into Steam as I wrote that - and no notification. Not on the forums, on Steam itself. Nothing. Pretty lame, Valve. I'm finding out about your security breaches through CFC, RPS, etc - that's not how your customers should be alerted to your compromised database.

    Granted, it's nowhere near as bad as Sony, but this is not something one should have to go looking for. Steam's great at throwing all kinds of other popups at you for no apparent reason; this is the one situation where a big notification should immediately appear right up front as soon as the Steam app was launched.
     
  17. Ruler

    Ruler Prince

    Joined:
    Mar 28, 2006
    Messages:
    443
    No reason to change password, Steam locks itself if someone logs in from a different IP than yours. Unless they can bypass that everything should be ok.
     
  18. CommonKnowledge

    CommonKnowledge Warlord

    Joined:
    Jan 22, 2011
    Messages:
    190
    Unless money starts to go missing from your bank account you probably won't be able to tell if your private information has gone walk-abouts - unless Valve informs users with compromised accounts that is.

    General rule of thumb though is that your important information like credit cards will be stored in an encrypted form. Unfortunately it seems that those encrypted passwords themselves have been compromised; whether or not they're crackable is another matter. If you use a reasonable password (upper and lower case plus some numbers, throw in some special characters like ? ! / and all's gravy) you're probably fine, but if your password is something susceptible to a dictionary attack then you might be in trouble, e.g. if your password was manchester or something.

    If you're particularly worried then you can always phone up your bank and ask them to freeze all transactions from Steam - I haven't done this myself so I don't know the specifics of the process. However there have been occasions where I had to phone them up because they froze some legitimate transactions and the process seems simple enough.

    Also I just logged into Steam myself and there's now a message being displayed when the update window is brought up before all the other game promotions. However I think Valve definitely need to send out emails to their customers.
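
Added example, not part of any post in this thread and not Valve's code: a small defender-side audit illustrating the points raised in posts 11 and 18, that a per-user salt makes identical passwords hash differently while a password on a common-word list is still matched. PBKDF2-HMAC-SHA256, the iteration count, the user names and the word list are all assumptions made for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this demo; production values are higher


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-user random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time check of a candidate password against a stored record."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def audit(records: dict[str, tuple[bytes, bytes]], common: list[str]) -> dict[str, bool]:
    """Flag accounts whose stored hash matches a known-common password.

    The salt forces one PBKDF2 run per (account, candidate) pair, so no
    precomputed table helps, but a password on the list is still found.
    """
    return {
        user: any(verify(word, salt, digest) for word in common)
        for user, (salt, digest) in records.items()
    }


# Constructed sample data: user names, passwords and word list are made up.
COMMON = ["password", "123456", "qwerty", "manchester", "letmein"]
RECORDS = {
    "alice": hash_password("manchester"),
    "bob": hash_password("manchester"),
    "carol": hash_password("tR7?kq!Zp/w2"),
}

if __name__ == "__main__":
    # Two users with the same password still get different stored digests.
    print("same password, same hash?", RECORDS["alice"][1] == RECORDS["bob"][1])
    print(audit(RECORDS, COMMON))
```
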
     
  19. SuperJay

    SuperJay Bending Space and Time

    Joined:
    Sep 24, 2010
    Messages:
    3,273
    Location:
    Shacklyn
    No reason not to change your password, since you should do so regularly and now's as good a time as any.
     
  20. CommonKnowledge

    CommonKnowledge Warlord

    Joined:
    Jan 22, 2011
    Messages:
    190
    Double post but this also needs to be said.

    A lot of people use the same passwords for multiple accounts, i.e. email, Steam and work accounts. User email accounts were among the things compromised and if the hackers have your Steam password + it's easily guessable then they also have your email account and access to it. In which case Steam Guard will make no difference as it only sends an email to your specified account asking if it's you logging in.

    Merely having Steam Guard does not mean that you're immune to any risk - although having it enabled does reduce it.
     
