Valve: It’s ‘Probable’ That Hackers Obtained Old Steam Data

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Remember when Valve was hacked last year and they said they found no evidence that hackers took any information? Well, now the company just released this statement yesterday saying that it is "probable" that old backup data was taken.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
 
Good. I hope that's true and I hope Valve has done the best they can to minimize future headaches.
 
Remember when Valve was hacked last year and they said they found no evidence that hackers took any information? Well, now the company just released this statement yesterday saying that it is "probable" that old backup data was taken.

FWIW, I got that message when I logged into Steam either Friday or Saturday.
 
But Valve doesn't get hacked. Valve are infallible gods. I refuse to believe this news.
 
I just hope that the keys to the encrypted information were not stored with the backups.

But then again why wouldn't you want to tape your house key to your front door :rolleyes:
 
But Valve doesn't get hacked. Valve are infallible gods. I refuse to believe this news.

They aren't infallible, but they are a lot more honest and forthcoming about information than most other companies that have had issues. That earns a lot of trust from me. I don't think anyone expects them to be perfect. But we do expect them to respect their customers, and that's what this is. Much more so than trying to hide it and let only the bare minimum of information about it go out.
 
This backup file contained user names (arg, ok...), email addresses (get ready for the spam...), encrypted billing addresses (ok that's a bit of a piss off...) and encrypted credit card information (WUT??). It did not include Steam passwords. (OH THANK FUCK - MY STEAM ACCOUNT IS OK!)

*headshake*
 
At least my card info that was on steam is all out of date. Saved me the hassle of having to get a new card after they were hacked. On the plus side they've been extremely transparent about the whole thing. Nothing worse than a company getting hacked and not telling it's customers about it in a timely manner. This kind of thing will happen from time to time no matter how good your security is. How they deal with it is what matters and valve seems to be doing a great job.
 
Yup - because after waiting for a year, they're still not releasing or even sure what has or hasn't been taken.

That deserves a pat on the back right there.
 
I never use credit cards with Steam. I've always paid with paypal. Besides, I did not have a Steam account in 2008. So I have nothing to worry about.
 
This backup file contained user names (arg, ok...), email addresses (get ready for the spam...), encrypted billing addresses (ok that's a bit of a piss off...) and encrypted credit card information (WUT??). It did not include Steam passwords. (OH THANK FUCK - MY STEAM ACCOUNT IS OK!)

*headshake*

LMFAO! I thought the exact same thing. "So somebody could possible have your credit card number and run up $10,000 worth of debt but fear not, nobody will be able to sign into a BF3 server under your screenname." Wut?
 
Thank God, my password is safe, my password is safe......

but there's that little problem about your Fucking credit card number...... sorry.:eek:
 
Old, expired CC/debit accounts aren't any worry of mine. When I saw this over the weekend, I read it & closed it with very little worry about my financial future.
 
LMFAO! I thought the exact same thing. "So somebody could possible have your credit card number and run up $10,000 worth of debt but fear not, nobody will be able to sign into a BF3 server under your screenname." Wut?

If the credit card information, in fact was encrypted. The key decryption key will be needed to access this data for it to be useable. As someone mentioned above, hopefully Valve had better practices and did not store the decryption key with the encrypted data. But, likely, if it happened in 2004-2008, how viable is the information to someone with an expired card? I don't know, all my cards have expired from that time frame and new ones sent out with entirely different numbers and expiration dates in the 2012-2013s only lasting about 2-3 years before expiring.
 
LMFAO! I thought the exact same thing. "So somebody could possible have your credit card number and run up $10,000 worth of debt but fear not, nobody will be able to sign into a BF3 server under your screenname." Wut?
No one will be able to sign into a BF3 server under your Steam name anyways since BF3 is on Origin :p
 
I had a couple of credit card #'s stolen during that time frame. Unsure if its related or not.
 
I like that Valve isn't pissing on us and telling us it's raining, à la Sony. I don't like that it took them this long to come to a conclusion that it was probable they obtained the information.

I call it a wash.
 
But Valve doesn't get hacked. Valve are infallible gods. I refuse to believe this news.

yes, Gabe is a god and he only let it happen on purpose for publicity and to let everyone know how secure steam really is since all these hackers were able to obtain is some outdated customer data. :rolleyes:
 
I still have the same card, and no issues.

This is not much of an issue to me, as I always go over my statements regularly anyway. If something FINALLY does pop up, I'll notice it, and deal with it pretty quickly.

Nice to have a heads-up though.
 
Yup - because after waiting for a year, they're still not releasing or even sure what has or hasn't been taken.

That deserves a pat on the back right there.

November was a year ago?

If the credit card information, in fact was encrypted. The key decryption key will be needed to access this data for it to be useable. As someone mentioned above, hopefully Valve had better practices and did not store the decryption key with the encrypted data. But, likely, if it happened in 2004-2008, how viable is the information to someone with an expired card? I don't know, all my cards have expired from that time frame and new ones sent out with entirely different numbers and expiration dates in the 2012-2013s only lasting about 2-3 years before expiring.

I just hope that the keys to the encrypted information were not stored with the backups.

But then again why wouldn't you want to tape your house key to your front door :rolleyes:

^^This.

And if you're oh so scared, go to your CC company and get a new card. Most will give you a new card for free, or a relatively small sum.

The point people ride Steam's jock is instead of being quiet for months, they tell you quite quickly that they've been compromised so you can take action (like getting a new CC).
 
This backup file contained user names (arg, ok...), email addresses (get ready for the spam...), encrypted billing addresses (ok that's a bit of a piss off...) and encrypted credit card information (WUT??). It did not include Steam passwords. (OH THANK FUCK - MY STEAM ACCOUNT IS OK!)

*headshake*

encrypted being the keyword... the hackers probably dont even know how it was encrypted, hopefully something more than some standard hash.

At least they are honest about it.. not like other companies that try and downplay the issue.

Valve could of kept quiet and said nothing as i am sure most people forgot about the issue but instead they came out to keep people updated.
 
I'm not worried. I've already got a new card thanks to someone, somehow, getting my card # early last year. :p
 
I still have the same card, and no issues.

This is not much of an issue to me, as I always go over my statements regularly anyway. If something FINALLY does pop up, I'll notice it, and deal with it pretty quickly.

Nice to have a heads-up though.

Right, you should be checking your statements every month anyway. I caught an asshole who bought a $500 gift card using my skimmed number at a Home Depot. Attacks can come anytime, anywhere, but if you re vigilant you are not charged for any of it.
 
This backup file contained user names (arg, ok...), email addresses (get ready for the spam...), encrypted billing addresses (ok that's a bit of a piss off...) and encrypted credit card information (WUT??). It did not include Steam passwords. (OH THANK FUCK - MY STEAM ACCOUNT IS OK!)

*headshake*

LOL! I know right? As long as my games are safe, screw my CC information.
 
at least i can take comfort in the fact that my credit card number has changed since then. funny thing is fraud is why it was changed.
 
I'd be more concerned about my passwords being taken than CC #'s myself. I use a few of the same passwords at different places so getting the user name and password could be used elsewhere.... not a smart thing to do I know but I'm lazy.

If my CC # gets stolen which has happened twice with two different cards it's not big deal. A quick call to the CC company and they send me a new card. Chase even offered to overnight ship me a new card. I wasn't responsible for any of the fraudulent charges.
 
I just hope that the keys to the encrypted information were not stored with the backups.

But then again why wouldn't you want to tape your house key to your front door :rolleyes:

it does not matter the thieves have forever to crack the encryption and circa 2004 the engineers probably felt 40 bit 3DES was sufficient
 
It's not about the CC # being expired or not but that CC# can be used to change account information (i.e. the billing address). I actually had this happen to me, and thankfully the CC company security team flagged this.

One thing you can do is request the CC company to put a password on your account such that no changes to the account can be made without knowing that password.
 
Yup - because after waiting for a year, they're still not releasing or even sure what has or hasn't been taken.

That deserves a pat on the back right there.

If you actually still use steam you'd know they had a message waiting for everyone who had an account the next time they logged in and I believe it was also sent through e-mail. It basically said change your steam related passwords and ask your CC provider for a new card; because we were hacked and don't know the extent of the damage. They were prompt and made sure their users were aware info could have been stolen and cc's should be replaced just in case the hackers got to the info.
 
Back
Top