Arthmoor Posted July 27, 2015 Share Posted July 27, 2015 Well, looks like one of the reasons to fear using Steam has come to pass. Take a read. Not cool Gabe, not cool at all that we had to find out this way. http://masterherald.com/steam-hit-by-major-security-breach-many-accounts-hacked/23239/ Link to comment Share on other sites More sharing options...
VaultDuke Posted July 27, 2015 Share Posted July 27, 2015 ouch, god damnit. Thanks for the heads up Arthmoor! http://kotaku.com/steam-accounts-hijacked-following-security-lapse-1720288836 sounds like if you didn't receive an email notification about a change in your password, you are fine. Link to comment Share on other sites More sharing options...
Elgar Posted July 27, 2015 Share Posted July 27, 2015 With Steam Guard enabled, there was no risk, as Valve confirmed. Associate your account to a mail with two step authentication, and you're pretty safe. Link to comment Share on other sites More sharing options...
Arthmoor Posted July 27, 2015 Author Share Posted July 27, 2015 The linked article specifically said there were confirmed reports of hacked accounts even with Steam Guard active. Bottom line: Site hacked. Breached sealed. Change your passwords. Pray you're using complex unique passwords on every site or your online life is about to become hell Link to comment Share on other sites More sharing options...
Elgar Posted July 27, 2015 Share Posted July 27, 2015 The linked article specifically said there were confirmed reports of hacked accounts even with Steam Guard active. Not true. Read it again : It’s not yet clear if Steam Guard offers sufficient protection from the exploit, as there have been some reports from users claiming that their accounts have been compromised even with Steam Guard enabled. I don't call that "confirmed" reports. And from the article linked by Gruftlord : Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified. Link to comment Share on other sites More sharing options...
Arthmoor Posted July 27, 2015 Author Share Posted July 27, 2015 Gruftlord linked from Kotaku, they're not exactly a trustworthy source of ... well ... anything. As far as press reports go, "there have been some reports" is more or less language for confirmation. Valve will of course deny this if they're ever asked about it. Link to comment Share on other sites More sharing options...
VaultDuke Posted July 27, 2015 Share Posted July 27, 2015 "To those affected, Valve says: "To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password. Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified. We apologize for any inconvenience" " that line came from Valve directly, unless of course you want to assume the Kotaku is as untrustworthy, that you consider them liars that would fake a reply from Valve... Link to comment Share on other sites More sharing options...
Arthmoor Posted July 27, 2015 Author Share Posted July 27, 2015 "To those affected, Valve says: "To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password. Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified. We apologize for any inconvenience" " that line came from Valve directly, unless of course you want to assume the Kotaku is as untrustworthy, that you consider them liars that would fake a reply from Valve... I wouldn't put it past them.... But seriously. The little gif in the Kotaku article? That password was reset without any level of verification whatsoever. Steam Guard cannot protect you in that instance. Your password is already well and truly compromised by the time any notification comes down the line. So regardless of who says what in damage control mode, changing your password seems like a simple enough step to guarantee you aren't one of the victims that Valve hasn't bothered to notify yet. Link to comment Share on other sites More sharing options...
VaultDuke Posted July 27, 2015 Share Posted July 27, 2015 the point is: they could change/reset the password, without knowing anything aside from your Steam name. they didn't need the confirmation email to finalize the process either. what they could not do however is stop the confirmation email from being send. even if they change the account email afterwards, you will have received at least 1 email (if said report is true), independent of whether 2-factor authentication worked or not. and they never got ahold of any original passwords it seems. honestly, I trust kotaku much more in this than I trust steam atm. so if anything about that reply from valve turn out false, I think i'll direct the blame at valve rather than at the messenger that is kotaku. but you are right, luckily I think I'm overdue in changing my passwords anyway. Link to comment Share on other sites More sharing options...
Leonardo Posted July 27, 2015 Share Posted July 27, 2015 If you can change your password that is. It looks like the entire Steam site is down at the moment. I have tried a couple of times to get access to my Steam account without luck. Link to comment Share on other sites More sharing options...
Arthmoor Posted July 27, 2015 Author Share Posted July 27, 2015 Not having any trouble with it from here. Maybe a problem with the route between you and Washington? Link to comment Share on other sites More sharing options...
Leonardo Posted July 27, 2015 Share Posted July 27, 2015 I think it's related to the connection between Steam and CloudFlare, which I've had seen for the TWC forum a couple of times. That's funny just after I posted that Steam was back online. Link to comment Share on other sites More sharing options...
DSoS Posted July 27, 2015 Share Posted July 27, 2015 (edited) ah lovely...Would be nice if GoG could us to import our steam games to GoG, if they have the game of course. They did it for The Witcher 2 Enhanced edition... I'm not sure how it would work, do they have the pay the devs for that? Edited July 27, 2015 by DSoS Link to comment Share on other sites More sharing options...
BlackPete Posted July 27, 2015 Share Posted July 27, 2015 Valve, you're not helping yourselves win people's trust here. Being secretive about stuff like that isn't good when running a business, not even a little bit. Yet another reason for me to avoid using Steam as much as possible. No more buying stuff from them for me, ever. I hope for those who were affected that Valve makes things right. Yeah, fat chance of that happening knowing them. Link to comment Share on other sites More sharing options...
Leonardo Posted July 27, 2015 Share Posted July 27, 2015 Valve, you're not helping yourselves win people's trust here. Being secretive about stuff like that isn't good when running a business, not even a little bit. Yet another reason for me to avoid using Steam as much as possible. No more buying stuff from them for me, ever. I hope for those who were affected that Valve makes things right. Yeah, fat chance of that happening knowing them. Yeah, Valve literally gave other gaming companies an excuse for not releasing new games on Steam and doing such thing is bad business that's for sure. Link to comment Share on other sites More sharing options...
SilentProcyon Posted July 27, 2015 Share Posted July 27, 2015 Would be nice if GoG could us to import our steam games to GoG, if they have the game of course. They did it for The Witcher 2 Enhanced edition... I'm not sure how it would work, do they have the pay the devs for that? If it was only done with W2, it is likely because of the fact that GOG is created and owned by CD Projekt Red. Any other developer allowing the game to be imported would have to either: * 1) Eat the amount GOG would take out. * 2) Make a deal with GOG for the tax to be waved * 3) Charge to import the game at the amount GOG would take out. PS: I also like GOG and only use Steam when I'm forced to. Link to comment Share on other sites More sharing options...
KNakamura Posted July 28, 2015 Share Posted July 28, 2015 Psst: It's fairly standard for a company not to announce breaches during investigation phases. Elgar 1 Link to comment Share on other sites More sharing options...
Arthmoor Posted July 28, 2015 Author Share Posted July 28, 2015 They closed the hole. Investigation is over. Time to step up and inform the folks. This is Valve we're talking about here. Kotaku was lucky to get a semi-useful response from them at all. They have no intention of telling anyone what happened. Link to comment Share on other sites More sharing options...
BlackPete Posted July 28, 2015 Share Posted July 28, 2015 Yes, it is pretty much standard not to comment during an investigation (whether that's the right thing to do or not is another matter), but they were done investigating (i.e. they closed the security breach) at some point before the information was even leaked by the media. And yes, I agree that Valve never intended to tell anyone about it, which is extremely unwise from a business standpoint and can only hurt them in the long-run. Secrecy rarely (if ever) works in your favor in situations like this, which is why it is unfortunate that more and more companies are lacking in terms of proper (and prompt) communication these days. Link to comment Share on other sites More sharing options...
KNakamura Posted July 28, 2015 Share Posted July 28, 2015 No, they aren't actually done with the investigation. Closing the hole is the first part, they might actually want to attempt to backtrack who did it, which takes time. That said, if they don't get anything out today, that'd be odd. Link to comment Share on other sites More sharing options...
BlackPete Posted July 28, 2015 Share Posted July 28, 2015 It's been at least three days (maybe more) since the breach happened. If they aren't done "investigating" then they have a moral obligation to their customers to make an official statement. Since I don't believe that Valve has any substantial morals, I seriously doubt that they really care one way or another at this point whether people's accounts got hacked or not. It strongly appears to be yet another deal where they're sweeping the whole thing under the rug because they know that they're probably not going to have to be held accountable by anyone. garthand and Arthmoor 2 Link to comment Share on other sites More sharing options...
Arthmoor Posted July 28, 2015 Author Share Posted July 28, 2015 What's worse is people downplaying the risk because supposedly Steam Guard saved peoples' hides and/or it was just a minor thing. WAY TOO MUCH of this Gabe can do no wrong sort of attitude about this whole thing. Had this been Origin or uPlay or GoG, it would have been front page news and people would be shouting from the rooftops for an explanation of what happened and what was being done about it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now