1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Steam forum and database hacked

Discussion in 'Article Discussion' started by Claave, 11 Nov 2011.

  1. Claave

    Claave You Rebel scum

    Joined:
    29 Nov 2008
    Posts:
    691
    Likes Received:
    12
  2. iknowgungfu

    iknowgungfu Minimodder

    Joined:
    28 Aug 2011
    Posts:
    259
    Likes Received:
    5
    Merde! Just went through and changed a load passwords after the PSN scare!
     
  3. K.I.T.T.

    K.I.T.T. Hasselhoff™ Inside

    Joined:
    1 Jan 2005
    Posts:
    624
    Likes Received:
    1
    Oh bother, well, that's slightly tiresome....
     
    wyx087 likes this.
  4. fix-the-spade

    fix-the-spade Multimodder

    Joined:
    4 Jul 2011
    Posts:
    5,597
    Likes Received:
    1,383
    Stark contrast to Sony's approach ealier in the year.
    Coming straight out and saying it seems much smarter than saying there's nothing wrong, there's nothing wrong, THERE IS NOTHING WRONG!
    .
    Still, just set new passwords on everything, can't be too careful.
     
  5. Denis_iii

    Denis_iii What's a Dremel?

    Joined:
    1 Jan 2007
    Posts:
    1,224
    Likes Received:
    14
    can you even change steam accoutn password on steam website? (not steam forum)
     
  6. TWeaK

    TWeaK Minimodder

    Joined:
    28 Jan 2010
    Posts:
    521
    Likes Received:
    7
    To be fair to Sony, Valve didn't come out right away. The forums were defaced last Sunday, and they shut them down. They only came out with something official last night - before that there were all sorts of rumours, like it just someone attacking the forums only from a cyber cafe.

    They key difference between them and Sony, however, is that they hashed the passwords.

    Tbh though I do wonder what the cause of it was. I have a feeling they got hold of an employee's forum account, which they then used to alter the forums, and this employee also had access to the database. So, either the employee used the same password for the database or maybe they had access to his/her email and got in through that. Hopefully Valve will be up front and explain what exactly happened once they've fully investigated, but I wouldn't expect them to..

    @denis_iii: You can only change your Steam password through the Steam program. Forum accounts are separate to Steam accounts though (you might not even have one), and it's the forum account that they're requiring everyone to reset. They do advise you change the password for your main Steam account though, and on any other account elsewhere that uses the same password.
     
  7. sakzzz

    sakzzz Minimodder

    Joined:
    13 May 2009
    Posts:
    244
    Likes Received:
    11
    Makes me wonder whether ANYTHING is SAFE online !! ?
     
  8. LeMaltor

    LeMaltor >^_^

    Joined:
    3 Oct 2003
    Posts:
    2,103
    Likes Received:
    27
    Trying to change my steam password, keeps telling me I cannot do it at the time :S
     
  9. Denis_iii

    Denis_iii What's a Dremel?

    Joined:
    1 Jan 2007
    Posts:
    1,224
    Likes Received:
    14
    thanks, am at work so will change my steam password tonight. steam forum account reset to random password with there password reset thang.....i've been meaning to change my pw's for years so will start today across all other sites with non universal password as i stupidly had before.
     
  10. Mentai

    Mentai What's a Dremel?

    Joined:
    11 Nov 2007
    Posts:
    758
    Likes Received:
    1
    I thought I might be ok cause I use Steam Guard, meaning the hackers would need to get into my email (different password) to get into my Steam. I emailed Gabe about it, but he said to change my password anyway just to be safe.
     
  11. TWeaK

    TWeaK Minimodder

    Joined:
    28 Jan 2010
    Posts:
    521
    Likes Received:
    7
    @denis_iii I use Last Pass in conjunction with passwords like this. There's also things like Keepass which allows you to take it with you on a USB stick, but then I use Chrome portable and that way I get all my extensions too.
     
  12. Krikkit

    Krikkit All glory to the hypnotoad! Super Moderator

    Joined:
    21 Jan 2003
    Posts:
    23,994
    Likes Received:
    707
    I wonder how many nerds have upped their passwords to huge phrases after that xkcd - I certainly made a start on the important stuff!
     
  13. Th3Maverick

    Th3Maverick What's a Dremel?

    Joined:
    23 Aug 2006
    Posts:
    165
    Likes Received:
    0
    No.

    I did. Gotta love Robert--pissing off hackers everywhere.
     
  14. Xir

    Xir Modder

    Joined:
    26 Apr 2006
    Posts:
    5,412
    Likes Received:
    133
    at least they encrypted the credit card data...
     
  15. V3ctor

    V3ctor Tech addict...

    Joined:
    10 Dec 2008
    Posts:
    584
    Likes Received:
    3
    Doesn't make it any safe... So... Cancel the credit card is going to be my solution :/ damn...
     
  16. towelie

    towelie How do I Internet!!

    Joined:
    1 Sep 2011
    Posts:
    399
    Likes Received:
    10
    Wow it getting freakin insane to keep any form of passwords these days
     
  17. Bede

    Bede Minimodder

    Joined:
    30 Sep 2007
    Posts:
    1,340
    Likes Received:
    40
    Nothing is safe, ever. Online is safer in some ways, but less secure in many.

    @Xir: how long will it take to brute-force crack that do you think? Even if it's a month or two that will still cause a huge problem.
     
  18. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,953
    Likes Received:
    270
    If they used any sensible encryption scheme, then we talk about years of decades (or much, much, much more).

    For example AES :
    http://www.theregister.co.uk/2011/08/19/aes_crypto_attack/
    DES3 :
    http://en.wikipedia.org/wiki/Triple_DES

    Pretty much any good encryption algorithm is unbreakable these days, unless you can get the key directly from the source (Steam in this case).
     
  19. antiHero

    antiHero ReliXmas time!

    Joined:
    19 Jan 2005
    Posts:
    2,037
    Likes Received:
    13
    From what I read Steam is using AES 256 encryption. If the guys who hacked steam could crack that we would have bigger problems the stolen credit card info.

    Still, its getting a lil crazy lately with all the big companies getting hacked.
     
  20. mejobloggs

    mejobloggs What's a Dremel?

    Joined:
    16 Sep 2011
    Posts:
    149
    Likes Received:
    0
    This is a good reminder to enable Steam Guard. Must do it when I get home
     
Tags: Add Tags

Share This Page