Poll: Are You Cancelling Your Credit Card over the Steam Hack?

[Zing]

I have like $20 in my bank account. I don't think the hackers will be making bank off me.

 

[Some_weirdGuy]

Gabe gave out his password and associated steam account email address when they released steam guard.
So even with your password (which they don't actually have cause its the forum passwords not the steam account passwords), unless they can get on your computer they aren't doing anything with your account.

 

[TheYellowCellPhone]

Steam tells me that there's no credit card information associated with my account, so I see no need to.

 

[Agente L]

Will you be cancelling your credit card knowing that the encrypted card data on Steam has been accessed?

Why would I do so if the files are encrypted? It would take some HUNDREDS OF THOUSANDS OF MILLIONS of years to break if using brute force, if they use a 128 bits key. Or the entire age of the universe if they are using 256 key.

 

[w00tage]

Nope, password changed, CC deleted from Steam account, and watching the CC account though. That reminds me, I need to set up an email whenever the card is charged to make it easier to monitor.

 

[Edible Avatar]

This sounds kinda stupid for hackers.

They manage to be ballsy (and smart) enough to hack into all of steam's credit card info, yet the encryption key prevents the information from being usable (useless), so all they got were a bunch of passwords (which i'm sure everyone has changed by now) (again,useless).

Steam=1, Hackers=0

But what if they were not trying to get the information? They just wanted to make steam appear insecure and unreliable for game purchases. I can think of a new online distributor who would like that to happen, and might help in making that a reality.

/conspiracytheory

Sorry about that; it's late, i need sleep, and i've been playing too much AC:2

 

[Owyn_Merrilin]

Fortunately, even if they somehow manage to break the encryption, I'm safe, because the only card tied to the account is one I cancelled close to a year ago. I'm really not too worried about this hack; unlike Sony, Valve seems to understand the importance of encrypting sensitive data. I think what we're going to see here is a lot of spam being sent to e-mail accounts tied to the Steam forums, a few passwords that are susceptible to dictionary attacks getting cracked, and not much else. If you've got a decent spam filter and your password was something better than "password1," you're probably safe.

Edit: Case in point, I'm pretty sure all of the penis pill ads in my spam filter are a result of this. I had literally never received one before these came over. Note that while the dates seem a bit early, the one at the bottom is dated "January 1, 1990." It is literally impossible for an e-mail that old to be in my spamfolder for several reasons. For one thing, the folder clears itself every couple of months. For another, my account was created somewhere around 2004. For another, Yahoo didn't have an e-mail service in 1990, and probably didn't exist at all, for that matter. Point being,the dates in October are just as suspect as that one, and since it's a new form of Spam that I hadn't noticed prior to the Steam hack...

Some of you are probably noticing that there are e-mails from GoG in there. They are legit, but Yahoo's spam filter catches a lot of mass e-mails by default, which, coupled with the fact that it deletes stuff after a couple of months, is why I check it periodically.

 

[Owyn_Merrilin]

This sounds kinda stupid for hackers.

They manage to be ballsy (and smart) enough to hack into all of steam's credit card info, yet the encryption key prevents the information from being usable (useless), so all they got were a bunch of passwords (which i'm sure everyone has changed by now) (again,useless).

Steam=1, Hackers=0

But what if they were not trying to get the information? They just wanted to make steam appear insecure and unreliable for game purchases. I can think of a new online distributor who would like that to happen, and might help in making that a reality.

/conspiracytheory

Sorry about that; it's late, i need sleep, and i've been playing too much AC:2

Dude, even the passwords were encrypted. I'm glad Valve is letting us know, but this isn't anywhere near as bad as the PSN hack was. What getting the hashed passwords really does is let them do dictionary and brute force attacks on the account without having to worry about automatically getting locked out after a few tries. If your password isn't susceptible to dictionary attacks and has a reasonably high cryptographic entropy, you probably don't even need to worry about changing it. The spam filters of the world's PC gamers are going to be working overtime from now on, though...

 

[INeedAName]

Could someone here clarify something for me.

As long as I didn't save any of my info (like credit card numbers), that information should be safe, right?

 

[veloper]

No, use paypal (or one of their competitors) for your online purchases, like a smart person.

 

[Dudeio]

Credit card? Really? Get Palpal and worry less. Set up a separate account which has instant transfers from your main account which has a debit card attached. Problem solved.

It'll probably cost less than a credit card too.

And when Paypal gets hacked? What then? You're never safe from having your card stolen.

I don't think I explained myself correctly.

My paypal currently has ~$3.00 in it.

If I wanted there could be all the money I need there within minutes. However this requires access to both: my banking, and my paypal.

But then, there's always risk in anything. Using all of the systems at your disposal will make it harder for anyone trying to steal from you. Like putting your rolex in a safe which is in your locked house. If they know the combination to the safe but can't get into your house, you keep your watch; if they get in your house, but can't crack the safe, you keep your watch.

I also recommend banking with more than one bank. Don't keep all of your eggs in one basket.

Make more sense?

If someone were able to get access to both of these I'd hope that at least one of the companies involved would help in recovering the stolen funds. If not, there's savings which is handled completely offline.

No, I'm not paranoid. I'm prepared.

If someone steals my paypal account password they can go on ebay and buy all the shit they want with my paypal without me having any money on my account, paypal takes it anyways and I'll end up in negative.

and while we are at it, you should always wear gloves when handling paper money! What happens if the store you are buying from is secretly a government agency that will use your fingerprints and DNA to put you on the NWO death lists and track your every move!?!?!?!??!!
/sarcasm


Unless you stay in a whole your whole life, you are at risk. It's a fact of life, all you can do is minimize risk and damage control.

Captain obvious strikes again ;O

 

[RedLister]

changed password and removed my credit card details to be safe even though all they could swipe off me is peanuts........but there MY PEANUTS!

 

[meowchef]

I didn't change a thing.

Go ahead hackers... take my debit card information. I dare ya.

 

[Tigger1992]

Dear Hackers: Good job getting the info on a card I don't even reload anymore. Don't spend the $3.49 in one place, now.

What TC, did you cancel the poll?

I tried making a poll when I made the thread but it did not show up. I also tried editing the post to add a poll but the option to was not there...

 

[StBishop]

Credit card? Really? Get Palpal and worry less. Set up a separate account which has instant transfers from your main account which has a debit card attached. Problem solved.

It'll probably cost less than a credit card too.

And when Paypal gets hacked? What then? You're never safe from having your card stolen.

I don't think I explained myself correctly.

My paypal currently has ~$3.00 in it.

If I wanted there could be all the money I need there within minutes. However this requires access to both: my banking, and my paypal.

But then, there's always risk in anything. Using all of the systems at your disposal will make it harder for anyone trying to steal from you. Like putting your rolex in a safe which is in your locked house. If they know the combination to the safe but can't get into your house, you keep your watch; if they get in your house, but can't crack the safe, you keep your watch.

I also recommend banking with more than one bank. Don't keep all of your eggs in one basket.

Make more sense?

If someone were able to get access to both of these I'd hope that at least one of the companies involved would help in recovering the stolen funds. If not, there's savings which is handled completely offline.

No, I'm not paranoid. I'm prepared.

If someone steals my paypal account password they can go on ebay and buy all the shit they want with my paypal without me having any money on my account, paypal takes it anyways and I'll end up in negative.

Really, Paypal always tells me if I'm short on cash, it actually won't let me make a purchase without either transferring money in or having the amount in there already.

I'm not saying you're wrong, just that it's not been my experience, although I'm sure you're right. There tends to be work arounds.

I might have to contact them and see if there's a way to disable the ability to have "credit" for purchases with my account.

 

[TriGGeR_HaPPy]

Will you be cancelling your credit card knowing that the encrypted card data on Steam has been accessed?

1. They don't know it has been taken

2. It's encrypted in AES256, they won't be getting into those files.

This should pretty much be /thread right here.

For me, I don't save my credit card details anyway, I input them with each purchase. But the above post still outlines why it's not necessary for anyone to be jumping the gun just yet.

 

[DementedSheep]

No need, I never let steam save my credit details anyway.

 

[jackpackage200]

Can someone answer this question for me, if i have never used the steam forums am i safe? i did change my password