Jump to content

Steam Hit by Major Security Breach, Many Accounts Hacked


Arthmoor

Recommended Posts

With Steam Guard enabled, there was no risk, as Valve confirmed.

 

Associate your account to a mail with two step authentication, and you're pretty safe.

Link to comment
Share on other sites

The linked article specifically said there were confirmed reports of hacked accounts even with Steam Guard active.

 

Bottom line: Site hacked. Breached sealed. Change your passwords. Pray you're using complex unique passwords on every site or your online life is about to become hell :P

Link to comment
Share on other sites

The linked article specifically said there were confirmed reports of hacked accounts even with Steam Guard active.

 

Not true. Read it again :

 

 

It’s not yet clear if Steam Guard offers sufficient protection from the exploit, as there have been some reports from users claiming that their accounts have been compromised even with Steam Guard enabled.

 

I don't call that "confirmed" reports.

 

And from the article linked by Gruftlord :

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.
Link to comment
Share on other sites

Gruftlord linked from Kotaku, they're not exactly a trustworthy source of ... well ... anything.

 

As far as press reports go, "there have been some reports" is more or less language for confirmation. Valve will of course deny this if they're ever asked about it.

Link to comment
Share on other sites

"To those affected, Valve says:

"To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

We apologize for any inconvenience"

"

that line came from Valve directly, unless of course you want to assume the Kotaku is as untrustworthy, that you consider them liars that would fake a reply from Valve...

Link to comment
Share on other sites

"To those affected, Valve says:

"To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

We apologize for any inconvenience"

"

that line came from Valve directly, unless of course you want to assume the Kotaku is as untrustworthy, that you consider them liars that would fake a reply from Valve...

I wouldn't put it past them....

 

But seriously. The little gif in the Kotaku article? That password was reset without any level of verification whatsoever. Steam Guard cannot protect you in that instance. Your password is already well and truly compromised by the time any notification comes down the line.

 

So regardless of who says what in damage control mode, changing your password seems like a simple enough step to guarantee you aren't one of the victims that Valve hasn't bothered to notify yet.

Link to comment
Share on other sites

the point is: they could change/reset the password, without knowing anything aside from your Steam name. they didn't need the confirmation email to finalize the process either. what they could not do however is stop the confirmation email from being send. even if they change the account email afterwards, you will have received at least 1 email (if said report is true), independent of whether 2-factor authentication worked or not.

and they never got ahold of any original passwords it seems. honestly, I trust kotaku much more in this than I trust steam atm. so if anything about that reply from valve turn out false, I think i'll direct the blame at valve rather than at the messenger that is kotaku.

but you are right, luckily I think I'm overdue in changing my passwords anyway.

Link to comment
Share on other sites

If you can change your password that is.  It looks like the entire Steam site is down at the moment.  I have tried a couple of times to get access to my Steam account without luck.

Link to comment
Share on other sites

Not having any trouble with it from here. Maybe a problem with the route between you and Washington?

Link to comment
Share on other sites

I think it's related to the connection between Steam and CloudFlare, which I've had seen for the TWC forum a couple of times.  That's funny just after I posted that Steam was back online.

Link to comment
Share on other sites

ah lovely...

Would be nice if GoG could us to import our steam games to GoG, if they have the game of course. They did it for The Witcher 2 Enhanced edition... I'm not sure how it would work, do they have the pay the devs for that? 

Edited by DSoS
Link to comment
Share on other sites

:facepalm:  Valve, you're not helping yourselves win people's trust here. Being secretive about stuff like that isn't good when running a business, not even a little bit.

 

Yet another reason for me to avoid using Steam as much as possible. No more buying stuff from them for me, ever. I hope for those who were affected that Valve makes things right. Yeah, fat chance of that happening knowing them. :troll:

Link to comment
Share on other sites

:facepalm:  Valve, you're not helping yourselves win people's trust here. Being secretive about stuff like that isn't good when running a business, not even a little bit.

 

Yet another reason for me to avoid using Steam as much as possible. No more buying stuff from them for me, ever. I hope for those who were affected that Valve makes things right. Yeah, fat chance of that happening knowing them. :troll:

Yeah, Valve literally gave other gaming companies an excuse for not releasing new games on Steam and doing such thing is bad business that's for sure.

Link to comment
Share on other sites

Would be nice if GoG could us to import our steam games to GoG, if they have the game of course. They did it for The Witcher 2 Enhanced edition... I'm not sure how it would work, do they have the pay the devs for that? 

If it was only done with W2, it is likely because of the fact that GOG is created and owned by CD Projekt Red. Any other developer allowing the game to be imported would have to either:

* 1) Eat the amount GOG would take out.

* 2) Make a deal with GOG for the tax to be waved

* 3) Charge to import the game at the amount GOG would take out.

 

 

PS: I also like GOG and only use Steam when I'm forced to.

Link to comment
Share on other sites

They closed the hole. Investigation is over. Time to step up and inform the folks.

 

This is Valve we're talking about here. Kotaku was lucky to get a semi-useful response from them at all. They have no intention of telling anyone what happened.

Link to comment
Share on other sites

Yes, it is pretty much standard not to comment during an investigation (whether that's the right thing to do or not is another matter), but they were done investigating (i.e. they closed the security breach) at some point before the information was even leaked by the media.

 

And yes, I agree that Valve never intended to tell anyone about it, which is extremely unwise from a business standpoint and can only hurt them in the long-run. Secrecy rarely (if ever) works in your favor in situations like this, which is why it is unfortunate that more and more companies are lacking in terms of proper (and prompt) communication these days.

Link to comment
Share on other sites

No, they aren't actually done with the investigation. Closing the hole is the first part, they might actually want to attempt to backtrack who did it, which takes time.

 

That said, if they don't get anything out today, that'd be odd.

Link to comment
Share on other sites

It's been at least three days (maybe more) since the breach happened. If they aren't done "investigating" then they have a moral obligation to their customers to make an official statement. Since I don't believe that Valve has any substantial morals, I seriously doubt that they really care one way or another at this point whether people's accounts got hacked or not. It strongly appears to be yet another deal where they're sweeping the whole thing under the rug because they know that they're probably not going to have to be held accountable by anyone.

  • Like 2
Link to comment
Share on other sites

What's worse is people downplaying the risk because supposedly Steam Guard saved peoples' hides and/or it was just a minor thing. WAY TOO MUCH of this Gabe can do no wrong sort of attitude about this whole thing. Had this been Origin or uPlay or GoG, it would have been front page news and people would be shouting from the rooftops for an explanation of what happened and what was being done about it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...