BeyondUnreal Forums

Old 10th Nov 2011, 08:00 PM   #1
Sjosz
PSA: Steam hacked

So it's been confirmed today that Steam got hacked. Maybe a good time to reset your password?
Old 10th Nov 2011, 08:05 PM   #2
Kyllian
Here's the message I got after exiting a game
Quote:
November 10th, 2011
Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
This is why I never store CC info when making purchases
Old 10th Nov 2011, 08:35 PM   #3
Sir_Brizz
The passwords were hashed and salted and the credit card numbers were encrypted. Yeah. Talk about useless data that would have to be brute forced and would not be worth the hackers' time.
Old 10th Nov 2011, 09:00 PM   #4
Capt.Toilet
pword was changed upon hearing about it.
Old 10th Nov 2011, 09:52 PM   #5
Kantham
Quote:
Originally Posted by Sjosz View Post
So it's been confirmed today that Steam got hacked. Maybe a good time to reset your password?
It's been confirmed 4 days ago. (screen caps of that fkn0wned site promoting on the forums)
And yeah, maybe.
Old 11th Nov 2011, 03:11 AM   #6
Lruce Bee
It happens to the best of them apparently.
Old 13th Nov 2011, 06:13 AM   #7
Hadmar
Quote:
Originally Posted by Sir_Brizz View Post
The passwords were hashed and salted and the credit card numbers were encrypted. Yeah. Talk about useless data that would have to be brute forced and would not be worth the hackers' time.
Encrypted CC numbers are just one more hurdle. A hurdle you should have, yes, but it's not an impenetrable magical barrier. The billing system needs to work with those numbers and they are not much of a help if they are encrypted. That means that the password has to be stored somewhere in the system. There are several ways this can be implemented, and some are more and some are less secure. The point is: It's possible that they also got the password for the CC numbers and don't have to brute force anything.
Old 13th Nov 2011, 12:21 PM   #8
Sir_Brizz
Quote:
Originally Posted by Hadmar View Post
Encrypted CC numbers are just one more hurdle. A hurdle you should have, yes, but it's not an impenetrable magical barrier. The billing system needs to work with those numbers and they are not much of a help if they are encrypted. That means that the password has to be stored somewhere in the system. There are several ways this can be implemented, and some are more and some are less secure. The point is: It's possible that they also got the password for the CC numbers and don't have to brute force anything.
Where a database table would not require the highest privileges, things that decrypt data in the database are usually stored in root access only files (if you're smart). I can't guarantee that happened, but tracking down that file would take more time than the length of the hack, frankly, even if it was stored in plain text and accessible to everyone. I don't know what the Steam site is built in, or their payment processor, but it's also possible that the decryption password is compiled into their code, adding yet another layer of complexity. The point is, we don't know, but chances are probably pretty high that the hackers would have to brute force the encryption, which would take more time than it was worth.
Old 13th Nov 2011, 01:13 PM   #9
Hadmar
Quote:
Originally Posted by Sir_Brizz View Post
Where a database table would not require the highest privileges, things that decrypt data in the database are usually stored in root access only files (if you're smart). I can't guarantee that happened, but tracking down that file would take more time than the length of the hack, frankly, even if it was stored in plain text and accessible to everyone. I don't know what the Steam site is built in, or their payment processor, but it's also possible that the decryption password is compiled into their code, adding yet another layer of complexity. The point is, we don't know, but chances are probably pretty high that the hackers would have to brute force the encryption, which would take more time than it was worth.
In a file, or maybe in RAM only, wherever, it has to be there somewhere. Yes, we don't know what the system looks like and what exactly happened.

But that's kinda my point: We don't know.
And because of that, saying "the data was encrypted, don't worry" is not a good idea.
Old 13th Nov 2011, 02:58 PM   #10
Sir_Brizz
I'm not saying not to keep an eye on your accounts, I'm just saying it's unlikely that anything will happen that is tied to the hack.

Also, your password won't be taken. Unlike the Sony hack, Valve has hashed and salted passwords. By design they cannot be reverse engineered.
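What "hashed and salted" password storage, as named in Valve's notice, looks like in practice. This is an added example, not part of any post in this thread and not Valve's code; the algorithm (PBKDF2-HMAC-SHA256), the iteration count and the record format are assumptions, since the notice does not say what Steam used.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """There is no decrypt step: re-run the hash with the stored salt and
    compare. The only operation a record supports is testing a candidate."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison, so timing does not leak matching prefixes.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was stored with a lower work factor than the current
    one, so it can be re-hashed at the user's next successful login."""
    return int(record.split("$")[1]) < iterations


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    a = hash_password("correct horse (constructed)")
    b = hash_password("correct horse (constructed)")
    print(a != b)                                             # salts differ, so records differ
    print(verify_password("correct horse (constructed)", a))  # correct candidate verifies
    print(verify_password("wrong guess", a))                  # wrong candidate does not
```

Because each record carries its own salt, identical passwords do not produce identical records, and each account has to be tested separately at the full cost of the work factor.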
Old 13th Nov 2011, 03:03 PM   #11
Plumb_Drumb
I'm not so worried about the Steam account as my credit card, so I've done a check on it and everything is cool right now.
I'll probably give it another check in a few days.

My credit card company might get tired of me doing this so often, but I could always cancel the number with a quick phone call and get a new one issued.
Last edited by Plumb_Drumb; 13th Nov 2011 at 03:04 PM.
Old 14th Nov 2011, 09:39 AM   #12
Kyllian
Quote:
Originally Posted by Plumb_Drumb View Post
My credit card company might get tired of me doing this so often, but I could always cancel the number with a quick phone call and get a new one issued.
^This. If you're worried your CC number was compromised, cancel and get a new one
All times are GMT -5. The time now is 10:01 PM.

