Gabe Newell Says Steam Hack Is Worse Than Expected

Aardvark Soup · Nov 11, 2011

Well, at least their passwords were hashed and salted (basically meaning that if your password is uncommon, not based on a single dictionary word, and longer than about 9 or even 8 characters they'll probably never retrieve it) and their credit card information was encrypted, so the damage isn't too serious.

monkey jesus · Nov 11, 2011

What I don't get is that if you've hacked into Steam for personal information and CC details WHY THE FLAMING BUTTJERKY WOULD YOU ADVERTISE THE FACT ON THE TWATTING FORUMS?!

Once the hack is detected and the company start to react (and they appear to be reacting well yay Gabe!) the validity and therefore value of the information you stole nosedives. I can think of a couple of possible scenario's:

1. The attackers harvested the info and found that the effort required to break the encryption wasn't worth it and nobody would by it. So they posted info pointing to fucknowned on the forums and went on their way.

2. The attackers were only after the forums and got access to more than they expected but didn't actually take anything.

This is the problem with forensic's, you can't guest at the motivations of the attacker, it affects your judgement. You can examine the privledge of the compromised account and check logs but you can't trust logs on a compromised system, so without trusted corroborating info from a clean source you cannot be certain of what was done. This is why computer logs make pisspoor evidence.

Fact is that you will only see the extent of this attack when folks start losing Steam accounts or getting their CC's misused.

Jabbawocky · Nov 11, 2011

Hopefully SteamGuard will stop any massive intrusion but I changed my password anyway.

Thedutchjelle · Nov 11, 2011

Happy I'm always using iDeal for payments through Steam. WIthout my cellphone and my bank account information and login, they can hack my account all they want, I won't lose money.

Still a shame that it happened though. Atleast Valve is being honest about it.

The Great JT · Nov 11, 2011

Thanks for being up front with us, Gaben.

Sony, take notes, there will be a test later. Yes I am still going to ride Sony's ass about this.

DarksideFlame · Nov 11, 2011

I changed my password when I first heard of this hack so I should be safe...right?

anthony87 · Nov 11, 2011

maturin said:
anthony87 said:

Well shit.

I had to cancel my debit card once already after the PSN situation. Rather not have to do it again.

Click to expand...

Not to be a jerk, but if you use a debit card for internet purchases, you deserve whatever you get for tempting fate.

Tempting fate? The point of the card is to be used on internet purchases.

tamerman · Nov 11, 2011

i dont even use the forums, think i should still change my password?

mateushac · Nov 11, 2011

dude... any clue of how long it would take for possible victims to show up all around?

Jumpingbean3 · Nov 11, 2011

And this is why I don't save my card information. My Steam wallet doesn't have much in it anyway so I don't think it's a big deal.

RandallJohn · Nov 11, 2011

I keep trying to change my pass and getting "Steam cannot process your request at this time. Please try again later." Ugh.

kingofboars · Nov 11, 2011

We get a free hat out of this, right? For the pain and suffering?

Vhite · Nov 11, 2011

Gennadios said:
Free copies of Portal 2 for everyone effected!

Well, probably too much to hope for.

Free commemorative TF2 hats!!!1one w00t!

Credit card hacked - 2000?
Idiot hat with writing "I got hacked!" - priceless.

Kingsnake661 · Nov 11, 2011

Question. After the PSN event, i disabled and renew my 3 main CC's. I'm only used one card on steam, and have never checked the box to save my info, so i retype it when i buy something, that SHOULD mean the new card info wan't on the server to steal right? I mean, i'm going to change my password once i get home, can't at work, and i always check my card statments and have a free credit report account monetering my credit, so, i prolly don't have to cancel this card.

Eh, what can you do. This is just now a part of life isn't it. ;-(

Raesvelg · Nov 11, 2011

doggie015 said:
...

Sony took several MONTHS to say it!

A but of a difference there...

Seven days.

Three days to state that a hack had occurred, which is the ONLY thing people can really hold against Sony. Then again, the people who hacked the PSN didn't deface the front page and make it incredibly fucking obvious what had happened, either.

But yeah, people seem to have this idea that Sony sat on the info for weeks or months before they told anybody, which is bullshit.

gphjr14 · Nov 11, 2011

doggie015 said:
Soveru said:

So Valve takes nearly a week to say that credit card information has been compromised and gets no flak for it while Sony does? The fanboyism here sickens me

Click to expand...

...

Sony took several MONTHS to say it!

A but of a difference there...

Months? were in a comma or a time vortex because it was like a week before they said peoples personal info was stolen. Around that time I had my paypal account used which has nothing to do with SONY but I got my money back within a week with one email.

Still use my credit card on PSN and haven't had any problems. People overreact. If hackers want your info they'll get it eventually, its not too big a deal if you keep an eye on your accounts and have a bank with good security policies and safety nets for when unauthorized charges occur.

Mausthemighty · Nov 11, 2011

I changed my password. I'm happy Valve gave us a heads up.

Gabe Newell Says Steam Hack Is Worse Than Expected

Aardvark Soup

New member

monkey jesus

New member

Jabbawocky

New member

Thedutchjelle

New member

The Great JT

New member

DarksideFlame

New member

anthony87

New member

tamerman

New member

mateushac

New member

Jumpingbean3

New member

RandallJohn

New member

kingofboars

New member

Vhite

New member

Kingsnake661

New member

Raesvelg

New member

gphjr14

New member

Mausthemighty

New member