News Steam forum and database hacked

The problem with steam guard is it never sends me the email so I disabled it. No idea what the problem is the email address is correct and its not in my spam filters.

How come online banks never get hacked? DO they have some kind of superduper unhackable software? Is it insanely expensive? Or are some services just too flippant about security?

I have nearly 200 games on steam. Getting hacked would (obviously) be a real problem. My steam forum account didn't have the same password or name as my steam account but its a password I use for lots of things. Mostly low concern things, like this site.

 

Had my wow account hacked via rogue android app last year. I now have very random passwords that travel with me on an encrypted sdcard.
Made me very paranoid.

 

Security does have a cost and in the case of banks, they have more incentive to get things right - they would be held liable for the costs of breaches at their end. That's not to say that compromises don't happen - but (so far) they've tended to be small scale with individuals being affected due to malware on their system.

In the case of services like Steam, the biggest problem would be a malware author (or gang) hijacking their update servers and using them to push malware onto subscribers' systems (35 million PC botnet anyone?). Valve have covered themselves with the Steam EULA section 9C ("VALVE DOES NOT GUARANTEE CONTINUOUS, ERROR-FREE, VIRUS-FREE OR SECURE OPERATION AND ACCESS TO STEAM, THE SOFTWARE, YOUR ACCOUNT AND/OR YOUR SUBSCRIPTIONS(S)." - capitalisation theirs) so they have less to lose from any possible compromise.

 

This is why I don't link credit card info with my account.

 

So you have never played HL2? Never played TF2? Never played L4D?

Fair enough but your missing so much there.

Steam is one of the best things that have happened to gaming, and I hate it when people start steam-bashing without a good reason. The fact of the matter is buying games through is about being clever...and waiting for the sales. All of my games on Steam I have had I have bought cheaper than I would EVER have gotten them via retail stores, even if I waited several years for retail prices to crash, I wouldn't be able to get them cheaper; same price at best. Buying non-offer items are more expensive yes, but not always.

The fact that steam didn't let you download it till that time was cos thats when the game was to be launched!! Intrusive pieces of software? Please explain why you think so? Unnescessary? It is the best user-friendly form of DRM out there that has a decent success rate albeit it is still possible to hack valve-games.

 

There are plenty of other good games out there that don't require Steam - and Steam is the second most restrictive form of DRM (activate-on-play) with only the always-online systems like Ubisoft's being more limiting.

I've posted elsewhere on this, so no point regurgitating, but there are several reasons to argue the exact opposite. Steam is currently the closest thing to a monopoly in the gaming world and such things tend to go badly at some point.

 

I got Far cry 2 for £3.99, could'nt get it that price retail

 

Best retail price is currently £5.01 - not too far off and a bargain compared to Steam's normal price of €19.99. Still screws you over with activate-on-install DRM though.

 

Steam is for bargains in sales and indie games, nothing else. For me anyway. Anyone who keeps their whole gaming catalogue in an account that can be hacked is trusting a great deal in a company to not **** up. And they do, they all do. Pretty regularly in fact. If that game matters to you, buy a physical copy.

 

You haven't looked at Steam closely or at all apparently.
You can make a physical disk/backup for the games. The only real risk with Steam is if they fold and turn off all the servers, and from my understanding if they did that, they intend to make some arrangement so games don't just stop. Many will work without it anyhow.

For me, it's been a great service.
I can't complain too much about them getting hacked when other, larger companies are as well, and in worse ways. I'm unhappy it happened, but nothing is 100% safe.

 

Care to provide a link for this? There is no mention of it in their EULA except under very limited circumstances (section 13.C.2 - if you have one game only, Steam terminate your account and only at Valve's discretion).

As Shamus Young explains in detail in his Authorization Servers article, even if such promises were made, they'd have little value.

 

Aside from release dates, Valve tend to follow through on their promises sooner or later. These things aren't always written into EULAs - And maybe that's a good thing.

In practical terms it's rarely all that difficult to get Steam games working without Steam anyway, so if Valve somehow went bust some day so you can always count on Razor1911 and others to get your games working just fine as long as you downloaded them already before the system hypothetically stopped working.
Hell, some developers do it for you. My copy of X3 - TerranConflict which I bought on Steam works just fine without Steam after applying the legal and legitimate no-CD patch that Egosoft released for the retail version of the game.
The DRM component of Steam reliability in games is almost always encased solely in the game's core executable; so there isn't a whole lot that would need changing in the majority of cases to get a game running legitimately without Steam if the service went belly-up.

Steam is dangerously close to being a monopoly, yes; but to me there's a massive difference between a monopoly by a publically-traded giant of a corporation like Microsoft, EA or Activision known for treating customers like shite and lying through their teeth; And a monopoly by a privately-held company like Valve known for treating their customers well (aside from euro pricing) and being generally quite honest.

There's a good chance that PC gaming would be in a far worse state today due to unprofitability if it weren't for Valve and Steam; And the 'digital distribution' approach needed someone to get it right. Valve happened to be that someone, even if it took them a while to make Steam genuinely useful and appealing for the gamer.

Do you think any of the other companies would have been as successful if they tried?
Companies like Activision and EA have clearly shown that they would have screwed it up if they had been the ones to try because they have track records of being typical corporate scum and it seems to show in every single thing they do these days.
On top of that there's the fact that Valve has provided the industry with the formula for success in the form of Steam and still EA managed to cluster**** the whole idea with the abomination that is Origin.

The reason that Valve has a monopoly is that they're one of the few companies to really get the whole thing right. It's hardly their fault that other companies have proven themselves unwilling or incapable of achieving the same.
I'm not saying that a monopoly is a good thing by any stretch of the imagination and not everything that Valve does is ideal but I'm not entirely sure things would be better in PC gaming without Steam and I'd much rather have Gabe Newell running the dominant force than someone like Bobby Kotick or John Riccitiello.

---

As for the actual topic of companies getting hacked..

Every 'prime target' gets hacked sooner or later. It's how they handle it that counts; And so far Valve is handling it a lot better than others in the recent past such as Sony.

 

I know you can create a backup, but if you were unlucky enough to be hacked I can't see that helping you much when you can't log into your Steam account. Thankfully Steam are pretty decent at keeping things safe. But as you know s*** happens. Hence my not wanting all my games in one place, that, and I love having and opening shiney new physical editions.

 

While I wouldn't disagree with this viewpoint, these companies weren't always bad - EA was one of the main publishers back in the 8-bit days (gawd, I'm showing my age here) and Activision started almost as an "indie" competing with Atari. Why reminisce? Just as these companies changed, so can anyone else.

By not offering refunds on APB? (or for that matter, almost everything else). By disabling accounts entirely due to Paypal problems on a single game purchase?

A company's true colours are best judged when things go amiss and I fail to see, with examples like the above, how Valve can be compared favourably.

As noted in Arstechnica's discussion, aside from the timing of the initial message (Sony taking 6 days compared to Valve's 4), both incidents have very similar circumstances. If anything, the Valve breach is more serious since it has placed more users at risk.

 

Most games you play for a bit then no longer care about. The only game from there I play regularly is L4D2. The rest of the games I have there I hardly play so losing them would not have been much of a loss anyway.

How many games would you really lose?
That game you played a year ago isn't really much of a loss is it? And how much would it cost to replace at this point? I could get back everything from Steam I want for about $10 at this point.

You are talking a period of year, not weeks or days.
Most people lose interest in games pretty fast so the reality is that even if it went bad, you aren't going to lose much, especially as the company goes belly up, people will start bailing.

Steam was hacked, Sony was just plain incompetent.

Steam was hacked just as any company can be, but they were at least smart enough to have put some effort into protecting the user. Sony did nothing. For all of Sonys money, they couldn't be bothered investing in even the slightest bit of encryption to protect user information. The fact that the crooks got in how many times after should tell you something as well.

Sorry, but I would rather have my Pay Pal on file with Steam, than a credit card on file with Sony PSN any day of the week.


Oh and as for APB, Steams policy is about the same as any store in the US. Once you open a bit of software, it's yours. No refunds. Too many people bought it, burned it then returned it, or they bought games like BF, cheated, got blocked and then returned the games for a new copy You most likely would not have gotten a refund at any US store either.

 

That might be true for you - but I can (and do) play games purchased 10 or more years ago. I doubt I'm the only one.

If the game used Steamworks then you wouldn't be able to replace it at all, in the event of losing access to Steam. As for value - it depends on availability. Many games go "out of print" and can only be replaced through the second-hand market.

Then there is the matter of consumer rights. If I pay for something, I expect to be able to use it when and where I please - not being blocked from playing before a release date, due to server loads (i.e. the distributor not budgeting enough for server capacity and bandwidth) or due to being in a different region. If you care about your gaming, these things should matter to you too.

Some facts-checking would be useful here:

1. Sony did encrypt credit card details, but not other data. PS3 PSN network traffic was also encrypted, though this was defeated. So it's fair to criticise Sony for not using enough encryption - but not for using no encryption.
2. Valve didn't know their database had been breached until a separate compromise on their forum caused them to review security. We don't know how long their systems have been compromised for, or how many groups were involved. So they could have been compromised long before Sony (and Steam would be a more attractive target due to its ability to compromise 35 million+ PCs). We have to wait and see what turns up before passing judgment.

EA were offering refunds (though in the form of vouchers) - this was an MMO reliant on game servers so consumers in the US should have been able to claim store refunds due to breach of contract (and this would certainly apply in the EU).

 

It's now been 3 weeks since the initial closure by Valve and no further information has been given, nor has any visible action been taken to fix the cause of the breach. Continued silence from Valve is the worst outcome since it implies either security failings embarrassing enough to hide, or a compromise so serious that it hasn't been fixable so far (in which case, the affected services should have been taken offline to avoid compromising users further).

Perhaps Bit-Tech might wish to follow this up with Valve?

In comparison, after 21 days Sony had disclosed the full known extent of their security breach, arranged ID theft insurance for US users and had rebuilt the PSN network (still undergoing final testing, but just 4 days from relaunch).

 

Huh, from where do you take the information that there was no fix ? The fix was to fix the hole in forums through which they attacked. Why do you think the forums were online for few days ?

But maybe by "fix" you mean compensation etc... In that case use the correct words, becuase the breach was of course fixed.

 

Because nothing has been stated by Valve about any fix on its news page.

Thread title:

News Steam forum and database hacked

Original post:

Valve co-founder Gabe Newell confirms that the Steam database and its forum accounts were hacked, gives advice to cope.

The article linked to this thread:

‘We learned that intruders obtained access to a Steam database in addition to the forums,’ added Newell, ‘This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.’

So no, it wasn't just the forums...