News Steam forum and database hacked

Password changed successfully for me.

 

I'd be surprised if many people even have a steam forum account, as you don't get one by default I've had steam since day1 and still have no forum account

 

It's a crapper .

I'm on the steam forum but not so sure why, mostly people complaining about games being console porrts etc .

 

Why?
This is such a BS myth.

Unless I they know of your other accounts, your password is only going to get them into Steam. I could tell you the password to my email but what good would that do if you don't know my email address.

 

And what if Last Pass gets hacked?

Uhh, your email address is stored in your steam account. If you happen to use the same password for both your email and steam, then they can get into your email and if they can get into your email then they can find out about EVERYTHING you ever registered to.

 

Anyone who uses their email password for any other site is asking for trouble.

 

Damn, and I thoght 'Dave123:456789' would be alright.........these hackers are good.

 

Trouble is that hackers now have automated tools to take a given set of credentials and hit all the big sites - Yahoo, Gmail, Facebook, etc. If you're talking forum passwords, whatever, no one cares - use the same one on all of them so it doesn't clutter up KeePass/LastPass/1Password, etc. On anything important, don't reuse passwords across any of them, ever. Preferably not even variations (I used to use variations on two passwords for everything) - using a variation of something you're already using somewhere else give a brute-force attack a head start - why give them 6 out of the 10 chars of the p/w?

After my Yahoo account got hacked a couple years ago (almost my own fault - 6 lower-case letters, a known word, etc.) I got KeePass and let that generate passwords of 80-150 bits of entropy. The p/w protecting that isn't as strong, but someone would need access to the .kdbx file itself, so I'm not too worried. That I have on my main drive, backed up to another HDD, and on the flash drive I keep with me, so I won't lose it and be totally hosed (unless my house burns down and I run out without pants on, but then I've got bigger problems anyway.)

What gets me about this is Steam got hacked on 11/6. I hadn't been on Steam since I dumped my old bank and opened an account with a credit union, so Steam still had the now-inactive card. On 11/5, they had an awesome sale on Tropico 3, so I put in the new card, told Steam to store it to keep it easy...FUUUUUU. Changed p/w and deleted card number last night...think I won't let it store the card - that made it way too easy to blow money with almost no effort. Given the backlog I've got that I haven't even downloaded yet, probably better all around that way.

 

Where I work, we don't even take CVVs on cards - the system doesn't even have a place to put them in. Aside from that, on our own company credit cards, at least one gets stolen an average of once a month, without necessarily having a CVV (a lot of the places we use them don't take CVVs, either.)

As to security, I have a lovely little tale. This was on a debit card, so maybe not quite the same, but still a little disconcerting - One day I needed cash, so I hit an ATM. My wife had done the same earlier without me knowing, and so the ATM would only give me a lesser amount. After talking to her, it made sense and I didn't think much of it. However, next time I hit an ATM, told me no can do 'as a precaution'. I didn't get the phone # it showed, figuring I could just call customer service if I needed to. Next day, just to see, I tried the card at the grocery store, worked fine. Next time at ATM, no go. Pissed, I grabbed the receipt with the phone #. It was one of those irritating automated confirmations - 'this transaction for this amount at this location' The three transactions it wanted me to verify were the store, where it worked, and two failed attempts at ATMs. What security have you given me if you provide a thief the ability to still use my card until he tries to get cash, then tell him who to call to say yes the transactions are legit, so turn the spigot back on? Granted, a thief would need the PIN, but that was very close to what finally broke it for me and I closed that account shortly thereafter

 

I do wonder what the point is in having a strong password if the database is just gona get compromised.

 

Of course it matters there because both are tied together, point is, you don't need a different password for everything.

Good luck.
You still need an account to attach it to, don't tie all your stuff together and it's not a problem.

Exactly!
Why hack 5000 accounts, when you can hack one and get all 5000.
This or a rouge employee is the most common scenario for this sort of thing.

They don't really give a darn about your Facebook or Gmail account, they want your credit card.

 

What difference does the colour of the employee make?

 

I guess if you can find the rouge one, you know hes the culprit.(embarresd look)

We keep being told how safe the net is, but if big companies security can be compromised it makes you wonder.

I dont bother with online accounts and buying over the net. I have been told how wonderful and safe it all is, but seems its me thats laughing at my friends now.

I purchase my steam games at the shop and then put them on, so no card details etc etc.

Maybe if my steam gets hacked they can play some of my games and get some acheviments for me.

 

Buy through steam using Pay Pal, that leaves only a single point of failure as opposed to your card being everywhere.

When my card was stolen, it was an employee who took the card number from a sales invoice. No hacking needed and it didn't matter if it was at a local store or over the internet, it was still a person who chose to take it.

When I worked at the dot com, all phone orders ended up in the same system. We used to get people all the time saying they didn't trust the internet and wanted to order over the phone. We just entered it in through the backend into the same server.

Is that being caught rouge handed...
Rogue, rouge... My fingers are dyslexic, deal with it.

 

If LastPass gets hacked, then I might be a bit screwed but given that they're in the security business I'd hope they'd be more likely and quicker than even Valve to notify us and help get passwords changed. At the very least with LastPass I have an easy list of which passwords I need to change

 

I am so glad right now I've never bought anything from Steam. Nor do I intend to in the future - games are still much cheaper retail-bought. The first time I ever used Steam was yesterday when Skyrim neccessitated its installing. And it couldn't have been much more cumbersome: Steam wouldn't let me install the game until 2 AM on Friday, though I got the game in the mail on Wednesday; before installing, Steam forced me to download Skyrim's first-day patch for an hour at a speed one-eighth of my normal download speed; and now I have to start Steam every time I want to start the game. It has proved to be one of the most intrusive and unneccessary pieces of software ever to take up space on my hard-drive, and I am sure to uninstall it as soon as I'm done playing Skyrim.

 

im using a virtual credit card to buy stuff on steam its a virtual card that the bank issues for use 1 time only and with a specified amout. So once iv bought a game it makes that card invalid for any more transactions. This is by far the best way to buy stuff over the net because its 100% safe

 

xD

 

Thank Gabe for Steam Guard. If I get an email from someone trying to get into my account I will change my password.

 

Once I enabled https all the time on my Hotmail accounts (typical MS, good idea but you have to dig into the options to find it) and changed my password, I relaxed about this, the hackers have no more info than is already out there from when I had a credit card app go missing in the post. Then again my account was hijacked last year so it's happened already, maybe that's why I'm more relaxed about it.