Gabe Newell Says Steam Hack Is Worse Than Expected

[Metalrocks]

thats why valve is my favorite company. they take action and treat their customers right. still a shame about the hack but well, these guys always find a way somehow.
even when i dont use the forum, i still had to singe in to use the trouble shooting. so i follow his instruction and changed my steam account password to be save.

 

[ckam]

I don't remember ever using the forums, so I guess I'm OK for now. Goody. I'm hoping nothing gets worse.

 

[l3o2828]

How do i change my forums password if i can't even go to the Control Panel?

 

[Slayer_2]

Origin will now take over! The hackers were likely funded by EA so they can take over!

On a more serious note, I like how Valve is handling this, much better than Sony with the PSN catastrophe.

 

[Aprilgold]

This isnt about lulzsec or their ilk this is about one thing, money. After what lulzsec did it wouldnt be long before organised crims saw the oppertunity and got hacking.

Didn't Lulzec or Lulboat or what ever it was disband after their big hack?

Well, I changed my password to my 7th name that I use on some places.

 

[shrekfan246]

This is about the same timeline Sony told everyone things might be serious, a few days, but everyone lost their minds then.

It really just goes to show some things about preconceptions.

The thing I love is that because it's Steam and Valve, everyone on here is like "Oh, good on you Gabe for telling us!", and when it was the PSN and Sony, everyone was like "WTF Y U NO TELL US RIGHT WHEN IT HAPPENED, WHEN YOU'RE CLEARLY TRYING TO FIGURE OUT HOW TO CONTAIN COLLATERAL DAMAGE AND DON'T WANT TO MAKE ALL OF YOUR USERS PANIC?!?!!?!"

Yes, Sony should take note from something that Valve took note of because of them. I can guarantee that if the PSN hacks hadn't happened earlier this year, Valve would not have up and given this information right away because they would've been trying to figure out how much collateral damage had been caused before telling the public. Mass hysteria, etc. etc.

Also:

Funny. When this happens to Sony, everyone on here says Sony is such shit and they'll never use a Sony product again.

When it happens to Steam, you make TF2 jokes and pretend like its different. Bottom line is both companies had an obligation to protect user info and failed miserably at it.

Just saying.

This.

 

[Covarr]

Funny. When this happens to Sony, everyone on here says Sony is such shit and they'll never use a Sony product again.

When it happens to Steam, you make TF2 jokes and pretend like its different. Bottom line is both companies had an obligation to protect user info and failed miserably at it.

Just saying.

Except Valve didn't store passwords in plaintext. Sony did. Valve didn't spend weeks lying to us. Sony did. Those two things alone make a HUGE difference.

P.S. Thanks

 

[maturin]

Well shit.

I had to cancel my debit card once already after the PSN situation. Rather not have to do it again.

Not to be a jerk, but if you use a debit card for internet purchases, you deserve whatever you get for tempting fate.

 

[Centrophy]

What I want to know is why haven't I received any emails from Valve about this? Are they only talking to the gaming "press"?

 

[NJ]

Man... Deja-fuckin'-vu. After having canned my then-creditcard I should've gone PayPal, but noooo. >.>

PayPal from now on it is ._.

 

[dragongit]

Is this the year of game hacking or what? I've lost track now. I know PS3 and stuff, and I remember I think EA got hacked too. but now Steam has been compromised? Charming.

 

[Baneat]

Gabe, skip the 2 free games bullshit.

I want a hat!

 

[Soveru]

So Valve takes nearly a week to say that credit card information has been compromised and gets no flak for it while Sony does? The fanboyism here sickens me

 

[Jiefu]

It was bound to happen eventually, but it's nice to see they told people quickly (it's a good idea, internet companies!) and gave them details. Hopefully Steam Guard holds up.

This is about the same timeline Sony told everyone things might be serious, a few days, but everyone lost their minds then.

It really just goes to show some things about preconceptions.

Not really.

The attack occurred between April 17, 2011 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20, 2011. On May 4, 2011, Sony confirmed that individual pieces of personally identifiable information from each of the 77 million accounts appeared to have been stolen.

So, you know, a few days, a few weeks, same thing.

 

[Aisaku]

I'm betting EA had something to do with this... They've got a lot to gain over Steam's reputation being tarnished.

 

[McMullen]

I already changed my Steam password on Monday just in case, the card number they have is no longer in use (changed cards after the PSN hack, haven't bought anything online since), and I use Steam Guard.

 

[McMullen]

Funny. When this happens to Sony, everyone on here says Sony is such shit and they'll never use a Sony product again.

When it happens to Steam, you make TF2 jokes and pretend like its different. Bottom line is both companies had an obligation to protect user info and failed miserably at it.

Just saying.

Except Valve didn't store passwords in plaintext. Sony did. Valve didn't spend weeks lying to us. Sony did. Those two things alone make a HUGE difference.

P.S. Thanks

I seem to miss when Sony lied. I know they withheld all the details so that they could assess the damage properly, and not have the internet community freaking out.

Also, information was stolen both times. That's the important fact.

No, it's not. Saying information was stolen both times, and that's the important fact, is like saying during WWII the US killed hundreds of thousands of people, and that's the important fact. It's missing a huge amount of context and completely distorts the message.

We can assume that any place that hackers want to break into will get hacked at some point. What differentiates the responsible corporations from the irresponsible is what they do to prepare for this. Sony stored sensitive information in unencrypted plaintext databases. Valve stored passwords and credit card numbers in an encrypted form. This is roughly equivalent to having two banks, one of which (the Sony bank) stores money in cardboard boxes in an unlocked walk-in closet with a big sign on the door saying "MONEY". The Valve bank, on the other hand, stores it's money in a locked vault. If these were actual banks, the Sony Bank would clearly be neglectful.

Context. It makes a lot of difference.