Steam hacked, personal and credit card data stolen

Your favorite spot for news, entertainment, video games, TV, movies, books, your mom, etc.

Moderator: Tsuki

Post Reply
User avatar
aine
ANGERME
Posts: 3843
Joined: Sun Sep 17, 2006 4:08 pm

Steam hacked, personal and credit card data stolen

Post by aine »

FYI:


Dear Steam Users and Steam Forum Users,



Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.



We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
here are some suggestions:



* Change your Steam password, just in case. If you were using a weak password before, take this opportunity to choose a decent one.



* Keep an eye on your credit card statement and report any unexpected transactions.



* Consider not storing your credit card data on Steam's servers. You don't have to. You can choose to enter it every time you need it instead.



* Consider enabling Steam Guard. If you do, Steam will email you every time you (or someone else) logs in from someone else's computer.



* Send an email to Steam asking why they encrypted credit card data and passwords, but apparently not the rest of its users' personally identifiable information.


nakedsecurity article



BBC article





Nothing to add really, but I'm pissed off and worried.
Image

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
#whereisyui #ゆいちゃん
~breathe your last and fall into my eternal embrace~
User avatar
neshcom
ANGERME
Posts: 3782
Joined: Thu Oct 05, 2006 4:13 am

Re: Steam hacked, personal and credit card data stolen

Post by neshcom »

Fun fact: When Steam says they encrypted your data, they mean that it was encrypted with a 256-bit hash and the data was salted (in simple terms: random data was inserted at certain points) meaning it would take supercomputers decades to brute-force their way in. I'd probably change my password, but I won't be getting a new check card.
User avatar
aine
ANGERME
Posts: 3843
Joined: Sun Sep 17, 2006 4:08 pm

Re: Steam hacked, personal and credit card data stolen

Post by aine »

Apparently only passwords and credit card numbers were encrypted. It doesn't make me feel much better about it - in fact, I would prefer it to be the other way round, with plain-text CC numbers, and encrypted names, billing addresses, etc.



Why? Fraudulent transactions can be reversed and/or are insured, and banks are keeping an eye on the transaction activity and sometimes even block the cards themselves if there is enough suspicion. But personality theft can ruin your life, having your house broken into and robbed sucks really bad, not to mention the annoyance of having your email and snail mail boxes filled with spam.



And all that for signing up for a system that I hardly ever use, and if I do it's only for single-player games. I think if I buy games I'll stick to playing "backup copies" from now on, and keeping the originals neatly wrapped in their boxes. At least they'll keep their re-sale value in the world full of DRM. <img src='http://mm-bbs.org/public/style_emoticon ... >/geof.png' class='bbc_emoticon' alt=':geof:' />
Last edited by aine on Fri Nov 11, 2011 8:04 am, edited 1 time in total.
Image

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
#whereisyui #ゆいちゃん
~breathe your last and fall into my eternal embrace~
User avatar
Ap2000
つんく♂
Posts: 9525
Joined: Sat Oct 21, 2006 11:43 am

Re: Steam hacked, personal and credit card data stolen

Post by Ap2000 »

[quote name='neshcom' timestamp='1321026209' post='112158']

Fun fact: When Steam says they encrypted your data, they mean that it was encrypted with a 256-bit hash and the data was salted (in simple terms: random data was inserted at certain points) meaning it would take supercomputers decades to brute-force their way in. I'd probably change my password, but I won't be getting a new check card.

[/quote]



Decades won't even do it.

More like millenia.



The thing is, this is completely null anyway if you've used a different acc-name and pwd on the Steam forums.
Post Reply