Okay, let's set some things straight for the ignorant (cough most) people here.
Moderator Action: As mentioned on the previous page of the thread, please do not call other members ignorant.
Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889
First off, the hack occurred on the Steam forums. Steam forums and Steam accounts are two separate entities. If you had two different passwords for the two accounts, there is an extremely (and I emphasize, extremely) low risk of your Steam account password being exposed. Modern encryption, especially with salting makes it damn near impossible to crack those passwords without the key. With that being said, it is always, always a good idea to change your password after something like this, irrelevant of whether or not it affected you (on the tiny off chance that it did)
Second: you should have had Steam Guard enabled. If you have that enabled, then you're pretty much home free. Unless you happen to use the same password for your email, in which case you're pretty screwed. Still, it's your own damned fault. Never use a weak and non-unique password for your email as you can recover access (and thus someone else can too) to most of your other accounts through your email. Anyways, Valve sent out plenty of emails, plenty of in-Steam notices about having Steam Guard enabled. If you didn't do it, well, your own damned fault.
Third: if by some stoke of unluckiness your account was breached and there are charges being made against your account -- dispute them! First of all, make sure you're checking your card statements for the next week -- if any erroneous or fraudulent charges pop up, make sure you report them. With this being said, they are fraud charges, you can dispute them and get your money back. You will likely have to close your card or even more so the bank will likely immediately issue you a new one (and invalidate the old). Sorry, I know it sucks, but thats how it is on the Internet.
Fourth: To all those of you who say you 'deleted' Steam -- you didn't. Their databases, just like every other internet-based company out there, still contains your info. So if you think you're safe because a month ago you stuck your head in the sand, you're quite wrong. Make sure you stay vigilant, and better yet, go log back in, change your passwords, etc. Before you go bashing Steam for keeping your data -- Google does it. Yahoo does it. Facebook does it. Hell I bet even CFC does it. From a technological standpoint, it is much more difficult to delete a database entry that is referenced in multiple places than to just invalidate it. That is how current database-driven sites work. I want to repeat, Steam is not alone in this, everybody does it. If you do not want to have your information stored and collected, go and unplug your modem, and go back under your rock.
Finally, I want to address the 'increasing amount of data breaches'. Yes, they have increased, but only because the number of people and services online have too. In fact, I would say that as a percentage of overall activity online, they have either stayed the same or decreased. In the past, companies would rarely if ever report major data breaches such as this. It was bad PR to announce them, so they kept them under the wraps. The data was still stolen though. These days, the PR hit from not taking action right after a data breach such as this is much greater with the proliferation of internet-based media. Thus, you are in fact much more likely to hear about a major data breach, and more likely to hear about it in time to prevent your personal data being used in nefarious ways. It has gotten a lot better in the last decade. In addition, the recognition of data breaches as a major issue means there are many more ways to address them after the fact, and it is a lot easier to get some sort of compensation if for instance your bank accounts are flushed.
So please, those of you getting your panties in a twist. You have every right to be pissed off, but little right to be pissed off at just Steam. This kind of stuff happens a lot more often than you think. You should most of all be pissed at the people who perpetrated this.
And so once again, I'm glad I passed on CiV.
Suit yourself. Despite this breach, Ill continue to enjoy the games Steam brings me. 80+ games and under 300$ spent on all of them. Booyah. Not to mention the myriad of other things Valve as a company does.
I love that I'm finding this out from a Civ fansite and not from Valve itself - you know, when I log into Steam, like right now, immediately.
Christ, Valve. Get your head out of your ass for once.
Popped up on Update News for me immediately when I started Steam.
It should be the first thing that happens when you turn it on.
I mean geez, many of us didn't want this in the first place but had it shoved down our throats, all the while with people telling us how great it is.
Nobody shoved it down your throat but you. You didn't have to buy the game, but you did. Quit whining, nobody forced you.
Thanks for the warning J. I wasn't hacked, but I'm changing my passwords anyway.
Right on. This man has the right idea.
Where are all the preachers about how people who don't love Steam-like crap are paranoid and stuck in the past ?
Wouldn't it be fun if they get their bank accound flushed and their games locked as a result ?
The likelihood of that is very very tiny. It is also a risk you take every time you use the internet. Not a Steam exclusive (heh-heh)
I've precariously deleted my steam account together with my civ V game. I didn't play it anyway....
Doesn't matter, your info is still in their database. Deleting your account merely marks it as inactive in their database.
So all those "paranoid" people (like me) were right after all. I'll be keeping my computer a steam free environment.
Im more paranoid than most about this (ask anyone on IRC, I've been called a foil-hat-nut about privacy) but even I realize that this is not an exclusively Steam issue. So yes, all you paranoid folks were..I would not say you were wrong, but just a wee bit off on your aim. You should have been paranoid about..oh the whole Internet.
Yep, me to. So much trouble for playing a single player game...
It's a multiplayer game. Anyone that says otherwise is an eejit. Before you say otherwise, tell me, is that a Multiplayer button in the in-game menu?
I can't change my password until I get to my home computer because I can't remember the settings to my email account to set it up on this computer to RECIEVE THEIR STUPID EMAIL SUPPOSEDLY PROTECTING MY SECURITY AFTER MY ACCOUNT HAS POSSIBLY BEEN BROKEN INTO.
This pisses me off. I was just getting to like steam until this.
For the love of god don't use any other digital distribution platforms. The only one on the same level as Steam I would say is GOG. Everyone else is even worse about your data.
As for the email, thats your own damned fault. It's your email, you should know how to access it.
Thanks for the update!
I recently had money stolen because my little cousins xbox was hacked (150$ worth of credits bought) and I had recently used my paypal account to buy him some DLC so we could continue playing online together.
Hope to not have to go through all that crap again with Steam.
You more than likely wont. Now PayPal on the other hand, give them any leeway and they'll suck you dry.
Glad I uninstalled steam and Civ 5 ages ago and never ever used my credit card with them either.
Credit to the cfc team for spreading the word.
as said above, your data is still in their databases. God forbid you used the same password as for your email, because then they could get at your email, and from there, anything linked to your email is their apple.
Well it's been hacked and countless people may have been put at risk. I hate the way the computer industry has gone, all to secure MONEY. I constantly feel like I am at risk online. I do less and less business online because of this that seem to be so common and happening more frequently.
Just sell your crap at stores!
Nope, just being reported more often, which is a good thing. Because at least you know and can take steps to mitigate the damage versus not knowing until you've been bled dry.
annoying. one of the reasons why i use a credit card with no cash on it untill i put a small sum in before i pay for the goods.
anyway, a good tip is to change all your important passwords on a 3 month basis.
And never ever have a lot of money on your online credit card. just order 2 cards and move money from your main card to your online credit card each time you buy something.
That's not a credit card, that is a debit card. If you used an actual credit card, you would be fairly bulletproof. The two are not the same. With a credit card, you have a lot more recourse as the money has not been drawn from your bank accounts, but is rather still just a debt (that you can dispute)
I didn't get the notification posted below you either, and in any case not all of us sign into Steam on a daily basis or check the forums at all.
They have our email addresses, why the hell they didn't send out a round robin for this of all issues is beyond me.
Because we all know how well yelling 'Fire!' in a theatre works. They made a statement, sending out a blast email is likely to cause more PR damage. This would cause a mild panic amongst the less informed, leading to Valve's support resources being much more saturated, leaving those who are actually affected waiting longer. It's not perfect, but the pros of not sending out that blast email outweigh the cons for everyone.
Moderator Action: As mentioned on the previous page of the thread, please do not call other members ignorant, and don't imply that they're idiots either.
Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889
