1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

PSA: Steam hacked

Discussion in 'Games' started by Sjosz, Nov 10, 2011.

  1. Sjosz

    Sjosz (╯°□°)╯︵ ┻━┻

    Joined:
    Dec 31, 2003
    Messages:
    3,048
    Likes Received:
    0
    So it's been confirmed today that Steam got hacked. Maybe a good time to reset your password?
     
  2. Kyllian

    Kyllian if (Driver == Bot.Pawn); bGTFO=True;

    Joined:
    Aug 24, 2002
    Messages:
    3,574
    Likes Received:
    0
    Here's the message I got after exiting a game
    This is why I never store CC info when making purchases
     
  3. Sir_Brizz

    Sir_Brizz Administrator Staff Member

    Joined:
    Feb 3, 2000
    Messages:
    25,970
    Likes Received:
    66
    The passwords were hashed and salted and the credit card numbers were encrypted. Yeah. Talk about useless data that would have to be brute forced and would not be worth the hackers' time.
     
  4. Capt.Toilet

    Capt.Toilet Good news everyone!

    Joined:
    Feb 16, 2004
    Messages:
    5,832
    Likes Received:
    2
    pword was changed upon hearing about it.
     
  5. Kantham

    Kantham Fool.

    Joined:
    Sep 17, 2004
    Messages:
    18,047
    Likes Received:
    2
    It's been confirmed 4 days ago. (screen caps of that fkn0wned site promoting on the forums)
    And yeah, maybe.
     
  6. Lruce Bee

    Lruce Bee Transcending to another level

    Joined:
    May 3, 2001
    Messages:
    1,643
    Likes Received:
    0
    It happens to the best of them apparently.
     
  7. Hadmar

    Hadmar Queen Bitch of the Universe

    Joined:
    Jan 29, 2001
    Messages:
    5,441
    Likes Received:
    27
    Encrypted CC numbers are just one more hurdle. A hurdle you should have, yes, but it's not an impenetrable magical barrier. The billing system needs to work with those numbers and they are not much of a help if they are encrypted. That means that the password has to be stored somewhere in the system. There are several ways how this can be implemented and some are more and some are less secure. The point is: It's possible that they also got the password for the CC numbers and don't have to brute force anything.
     
  8. Sir_Brizz

    Sir_Brizz Administrator Staff Member

    Joined:
    Feb 3, 2000
    Messages:
    25,970
    Likes Received:
    66
    Where a database table would not require the highest privileges, things that decrypt data in the database are usually stored in root access only files (if you're smart). I can't guarantee that happened, but tracking down that file would take more time than the length of the hack, frankly, even if it was stored in plain text and accessible to everyone. I don't know what the Steam site is built in, or their payment processor, but it's also possible that the decryption password is compiled into their code, adding yet another layer of complexity. The point is, we don't know, but chances are probably pretty high that the hackers would have to brute force the encryption, which would take more time than it was worth.
     
  9. Hadmar

    Hadmar Queen Bitch of the Universe

    Joined:
    Jan 29, 2001
    Messages:
    5,441
    Likes Received:
    27
    In a file, or maybe in RAM only, wherever, it has to be there somewhere. Yes, we don't know what the system looks like and what exactly happened.

    But that's kinda my point: We don't know.
    And because of that saying the data was encrypted, don't worry is not a good idea.
     
  10. Sir_Brizz

    Sir_Brizz Administrator Staff Member

    Joined:
    Feb 3, 2000
    Messages:
    25,970
    Likes Received:
    66
    I'm not saying not to keep an eye on your accounts, I'm just saying it's unlikely that anything will happen that is tied to the hack.

    Also, your password won't be taken. Unlike the Sony hack, Valve has hashed and salted passwords. By design they cannot be reverse engineered.
     
  11. Plumb_Drumb

    Plumb_Drumb yumb

    Joined:
    Mar 19, 2002
    Messages:
    8,623
    Likes Received:
    0
    I'm not so worried about the Steam account as my credit card, so I've done a check on it and everything is cool right now.
    I'll probably give it another check in a few days.

    My credit card company might get tired of me doing this so often, but I could always cancel the number with a quick phone call and get a new one issued.
     
    Last edited: Nov 13, 2011
  12. Kyllian

    Kyllian if (Driver == Bot.Pawn); bGTFO=True;

    Joined:
    Aug 24, 2002
    Messages:
    3,574
    Likes Received:
    0
    ^This. If you're worried your CC number was compromised, cancel and get a new one
     

Share This Page