Steam Hackers "Probably" Got Credit Card Info

Andy Chalk

One Flag, One Fleet, One Cat
Nov 12, 2002
45,698
1
0
Steam Hackers "Probably" Got Credit Card Info


Valve boss Gabe Newell says hackers who broke into Steam last year probably made off with an old backup file containing user names, email addresses and encrypted credit card information.

In November 2011, Steam became the latest victim in a string of attacks against game-related websites, as hackers worse than originally thought [http://www.escapistmagazine.com/news/view/114062-Hackers-Hit-Steam-Forums], as the hackers had also gained access to a Steam database containing user information including "hashed and salted passwords" and encrypted credit card info. On the upside, Newell said at the time that "we do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders," and that it would continue to investigate.

Valve now says that the intruders very likely did get away with credit card data, although at this point it appears that the stolen information is old - hopefully too old to be of any value. "Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008," Newell said in the latest update on the situation. "This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."

"We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised," he continued. "However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well."

Valve is continuing its investigation in conjunction with law enforcement authorities.


Permalink
 

Waaghpowa

Needs more Dakka
Apr 13, 2010
3,073
0
0
Not concerned at all. Even if something does happen regarding my credit card, my card company will lock it and wait till I can verify.
 

TimeLord

For the Emperor!
Legacy
Aug 15, 2008
7,508
3
43
I use PayPal for all my Steam transactions so this is not a worrying thing for me. However I can see how it can be troubling for others.
 

D0WNT0WN

New member
Sep 28, 2008
808
0
0
God Bless Paypal.

I will never have to deal with hackers and their bullshit. Now if PSN (or SEN) would implement paypal.
 

Ragsnstitches

New member
Dec 2, 2009
1,871
0
0
D0WNT0WN said:
God Bless Paypal.

I will never have to deal with hackers and their bullshit. Now if PSN (or SEN) would implement paypal.
Unless they hack paypal or just your paypal... I honestly don't know the likelihood of that, but anything you do on the internet is traceable and potentially stealable too. I still remember when Amazon was hacked years ago. The net is far from perfect when securing credentials.
 

LetalisK

New member
May 5, 2010
2,769
0
0
And yet neither Steam nor Microsoft, who had a similar issue, will get 1/10th the shitstorm Sony got. Why? Because Sony is PR retarded.
 

Rad Party God

Party like it's 2010!
Feb 23, 2010
3,560
0
0
Definitively not concerned, as I started to buy their digital stuff a couple of years back, I also recently changed my password, so knocking on wood.
 

gigastar

Insert one-liner here.
Sep 13, 2010
4,419
0
0
Not really worried, my card had to be changed lately anyway for an unrelated reason.

LetalisK said:
And yet neither Steam nor Microsoft, who had a similar issue, will get 1/10th the shitstorm Sony got. Why? Because Sony is PR retarded.
Yeah, pretty much. Even if the Microsoft and Steam hacks actually turn out worse than the PSN hack niether Steam or M$ will get as much flak as Sony did.
 

RhombusHatesYou

Surreal Estate Agent
Mar 21, 2010
7,595
1,914
118
Between There and There.
Country
The Wide, Brown One.
DarkRyter said:
They encrypt with AES256.

There's nothing to worry about.
No shit. Any half decent 256bit encryption is so time intensive to decrypt without a key that they're effectively unbreakable and AES256 (formerly 'rijndael') doesn't have any 'breaks' (mathematical shortcuts) that brings keyless decrypt time down below 'lifespan of the universe', so it's pretty much bulletproof for the time being.

The game won't change until quantum computing really gets a toe hold in the crypto game... which will take a while before it gets out of R&D stages.
 

Something Amyss

Aswyng and Amyss
Dec 3, 2008
24,759
0
0
I find it amusing that, with such a late disclosure here, people aren't throwing a tantrum.

DarkRyter said:
They encrypt with AES256.

There's nothing to worry about.
Which is why Gabe has stopped spouting prideful statements about how they couldn't possibly get the info, MIRITE?
 

poiuppx

New member
Nov 17, 2009
674
0
0
The glorious irony? I changed my card after the PSN hack; as a result, this doesn't affect me.

Still, here's hoping Valve keep on top of this. Hate for this to blow up in their faces.
 

Not G. Ivingname

New member
Nov 18, 2009
6,368
0
0
Now this is how you handle a hacker crisis, be completely open about it.

Steam may have some issues, but at least they are open with there communications.
 

Android2137

New member
Feb 2, 2010
813
0
0
Oh man that sucks. I mean, not for me, since this was all waaaay before I began using Steam, but still. Oh well. At least the credit card data is so old they probably can't use it.
 

Kapol

Watch the spinning tails...
May 2, 2010
1,431
0
0
And here I was mad that it took Sony a week or two to tell us our account information was 'probably' stolen. At least I've changed my information since 2008 in almost every way and didn't spend anything until 2009. Still sucks though.
 
Jan 27, 2011
3,740
0
0
Zachary Amaranth said:
I find it amusing that, with such a late disclosure here, people aren't throwing a tantrum.
Because they ALREADY said months ago that the hackers most likely got access to the server with the credit card info and stuff.

NOW they're saying that they DID get in, and made off with a backup copy of some transactions made, which included encrypted Card data.

So yeah, we already knew about this possibility, and this is just some extra confirmation.
 

Lunar Templar

New member
Sep 20, 2009
8,225
0
0
>.>

so they basically got .... what you can find in the phone book ....

go them *rolls eyes* i didn't join steam till 09 and i've change my payment data least once since then, closing in on having to update it again actually
 

Something Amyss

Aswyng and Amyss
Dec 3, 2008
24,759
0
0
aegix drakan said:
Because they ALREADY said months ago that the hackers most likely got access to the server with the credit card info and stuff.

NOW they're saying that they DID get in, and made off with a backup copy of some transactions made, which included encrypted Card data.

So yeah, we already knew about this possibility, and this is just some extra confirmation.
Not quite. We were appraised of current information that Gabe bragged was uncrackable.
 

wooty

Vi Britannia
Aug 1, 2009
4,252
0
0
Oh good, another thing for me to possibly be concerned about. Cheers steam.

First you irritate the hell out of me with this steam cloud nonsense, now this. Been a love/hate/hate relationship between me and this company for many many years now.