Steam Hackers "Probably" Got Credit Card Info

[lRookiel]

I changed my password since then so I don't have to worry, also I use paypal :3

 

[Xannidel]

One idea I like is prepaid cards. After the PSN attack I promised to never use my card to purchase games on the PSN and would rather buy their cards. More websites should use this as well. Of course I can't find a bad side to using pre paid cards so I am sure someone can find a flaw in that.

 

[jedizero]

One idea I like is prepaid cards. After the PSN attack I promised to never use my card to purchase games on the PSN and would rather buy their cards. More websites should use this as well. Of course I can't find a bad side to using pre paid cards so I am sure someone can find a flaw in that.

Pre-paid cards basically take your money and make it fake money that only Sony accepts. Leave it on a credit card, or debit card, and it stays legal tender.

 

[Xannidel]

But is it possible to hack pre-paid cards?

 

[Dogstile]

Sony takes less then a week to inform customers of a potential credit card breach. Valve takes 4 months. Yet Sony are the monsters because they took too long, and Valve is innocent. I love internet logic.

Valve reported on it immediately after it happened. They said they recommend changing your info/card. Sony took a week to say ANYTHING the the community at large. That is the difference, and it is a big difference at that.

Basically this:

The difference between Valve and Sony is that Valve, immediately after finding out about this, alerted everyone, saying that there is a possibility that stuff was stolen. Sony, after finding out about this hack, waited several days, almost a week, before going "Oh by the way you guys, we might have gotten hacked."

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked."

From Gabe himself. That was a few days after the hack and as far I can recall, there was nothing about the hacking after that. It is only 4 months later that we learn that credit card details might have been stolen.

But he still said that there was a breach and he did warn people to be careful. Sony didn't even do that. Big difference.

And before you accuse, no, i'm not fond of valve.

Edit: In fact, next time, post everything he said, not just once sentence. Otherwise you're just taking one thing he said out of context and making a big deal out of it.

Then again, maybe I can just recognise it because British tabloids do it all the time.

 

[oktalist]

This is a really fantastic investigation job from Valve to figure out exactly what was done.

Since they will probably never tell us how the attackers gained access, we can't really judge whether there was any negligence there or if it was something they couldn't have been expected to anticipate.

 

[Weaver]

1) All they got was a huge as fuck encrypted database that is hashed and salted. It won't be broken.

If, as someone in this thread said, they used AES 256 it would take, assuming 2^56 operations a second 50,955,671,114,250,072,156,962,268,275,658,377,807,020,642,877,435,085 years to break the database. http://en.wikipedia.org/wiki/Brute-force_attack

The standard tricks to reduce this number in AES encryption reduce that by a factor of 4. The world won't exist at that point.

It's the equivalent of robbing a safe full of information, but the thieves can't actually find a way to open the safe. They have it, but it's just sitting in their house.

2) Even if by some miracle they broke the database, if it's from 2008 my credit card has been re-issued and re-numbered since then.