Valve Issues Statement on Steam Christmas Malfunction

Sarge034

Areloch said:
Sarge034 said:
Areloch said:
So out of the 34k people that were *very* unfortunately compromised in this, my gut says that a very small amount - if any - are likely to have malicious action put against them because of said compromise.
If one malicious action is taken then it's one action too many and Valve, be it a third-party subsidiary's fault, should be held accountable. These people gave Valve sensitive information under the promise that information would be secure, it was not, and now heads need to roll. Simple stuff really, holding people accountable.
Sure, but let's also not act like this is the exact same thing as the Sony or Target breaches. That's all I'm saying.
People need to give the situation the appropriate response, and not immediately fire up the internet hatemob-pocalypse machine as is the norm.
It's a bad, but comparatively minor event. I've seen several people pulling the "I HOPE VALVE GETS SUED FOR THIS" rhetoric already.

Issue is fixed, with relatively few affected, and the affected will be contacted by Valve and reparations will ensue as required, if at all. This is the handling I would expect when a screw-up occurs. Trying to start an internet brouhaha doesn't help anyone/anything.
Holding a company accountable for a breach of customer trust and the dispersion of private information is "brouhaha"? You and I, sir or madam, have very different definitions of an appropriate response then. Be it the Sony, Target, or Valve debacle, they all leaked personal information they were entrusted to keep secure. You want to take numbers and probability of malicious action into account, I don't give a shit about either of those two things because, as you said, "People need to give the situation the appropriate response..." The situation being a company failed to secure personal information, the response being anything up to legal action for their failure. You said you had experience in server admin stuff, is that maybe making you a biased party?
 

Areloch

Sarge034 said:
Areloch said:
Sarge034 said:
Areloch said:
So out of the 34k people that were *very* unfortunately compromised in this, my gut says that a very small amount - if any - are likely to have malicious action put against them because of said compromise.
If one malicious action is taken then it's one action too many and Valve, be it a third-party subsidiary's fault, should be held accountable. These people gave Valve sensitive information under the promise that information would be secure, it was not, and now heads need to roll. Simple stuff really, holding people accountable.
Sure, but let's also not act like this is the exact same thing as the Sony or Target breaches. That's all I'm saying.
People need to give the situation the appropriate response, and not immediately fire up the internet hatemob-pocalypse machine as is the norm.
It's a bad, but comparatively minor event. I've seen several people pulling the "I HOPE VALVE GETS SUED FOR THIS" rhetoric already.

Issue is fixed, with relatively few affected, and the affected will be contacted by Valve and reparations will ensue as required, if at all. This is the handling I would expect when a screw-up occurs. Trying to start an internet brouhaha doesn't help anyone/anything.
Holding a company accountable for a breach of customer trust and the dispersion of private information is "brouhaha"? You and I, sir or madam, have very different definitions of an appropriate response then. Be it the Sony, Target, or Valve debacle, they all leaked personal information they were entrusted to keep secure. You want to take numbers and probability of malicious action into account, I don't give a shit about either of those two things because, as you said, "People need to give the situation the appropriate response..." The situation being a company failed to secure personal information, the response being anything up to legal action for their failure. You said you had experience in server admin stuff, is that maybe making you a biased party?
It's entirely probable I'm slightly biased, sure. For example, I've been in a situation where the company I worked for did nothing wrong and we had a complete outage of all services for 3 hours.

Basically, the datacenter the company operated out of was doing routine maintenance, and due to a freak cascaded hardware failure, both redundant switches that acted as the pipes for the datacenter died. The hardware itself tanked. They had the manufacturer themselves emergency ship replacement hardware out(because it was a hardware fault), but it meant that everything just ceased to exist as far as the internet was aware. Support ticket system, phone system, all websites we hosted including our own, just suddenly ceased to be.

That's a BAD situation to be in when you serve tens of thousands of customers, but the fact of the matter was, there was *literally* nothing we could do until the replacement hardware got there. Not a singular bit.

So having been in a pretty bad hosting/datacenter situation myself on more than one occasion, I'm willing to just accept that sometimes crap breaks catastrophically and you can't personally do anything about it because it was a third party company's fault.

Is it a good thing? Pfthahaha ooooh lord no. Not in the least. But at the same time, I have a hard time justifying the people going "Man, I really hope Valve gets sued!", when a) Valve wasn't the core entity at fault, and b) the response was likely as fast as reasonable, and once the situation was contained, it really, REALLY didn't take long for them to get a statement out that explained what the problem was, why it happened, and how it'll be prevented in the future, in addition to them doing the reaching out to any impacted parties for any needed reparations.

And as I mentioned before, there's a rather high probability the data that was exposed was already put out on the internet by the impacted party themselves.

That said, if someone does, indeed have something malicious happen to them due to the breach, then they absolutely have grounds to seek damages, but as-is, I'm not entirely sure(though of course, I'm not a lawyer) that Valve's handling of the situation is something one has a legal basis to hit them for. If anyone would actually, legally be on the hook, I'd presume it would be the caching provider, as they were the ones serving incorrect and compromised data.

So sure, I'm probably biased to be a bit more favorable to the techs in this because I've been on that end of things before, but at the same time, I'm unconvinced that people who always have their pitchforks and torches at the ready have any idea how this stuff works and are just chomping at the bit to hit the first thing that looks like a target, without consideration for what happened or what, if any, the repercussions are.

Make no mistake, leaked data is bad and I fully acknowledge that, but I just personally can't help but not put this in the same category as the Sony or Target leaks due to the nature of the leak, the scope of the leak, and the data that was compromised in the leak. A sister-category probably, but not the same one.

I don't know what the reasonable middleground is, to be honest. I know that any compromised user is a very bad thing, but I'm also aware that if we burned down every company that ever had a single user compromised for any reason, I don't think we'd have any companies left.

Maybe I'm just simply tired of seeing the internet rage machine at this point. I don't know.
 

Sarge034

Areloch said:
It's entirely probable I'm slightly biased, sure. For example, I've been in a situation where the company I worked for did nothing wrong and we had a complete outage of all services for 3 hours.

Basically, the datacenter the company operated out of was doing routine maintenance, and due to a freak cascaded hardware failure, both redundant switches that acted as the pipes for the datacenter died. The hardware itself tanked. They had the manufacturer themselves emergency ship replacement hardware out(because it was a hardware fault), but it meant that everything just ceased to exist as far as the internet was aware. Support ticket system, phone system, all websites we hosted including our own, just suddenly ceased to be.

That's a BAD situation to be in when you serve tens of thousands of customers, but the fact of the matter was, there was *literally* nothing we could do until the replacement hardware got there. Not a singular bit.

So having been in a pretty bad hosting/datacenter situation myself on more than one occasion, I'm willing to just accept that sometimes crap breaks catastrophically and you can't personally do anything about it because it was a third party company's fault.

Is it a good thing? Pfthahaha ooooh lord no. Not in the least. But at the same time, I have a hard time justifying the people going "Man, I really hope Valve gets sued!", when a) Valve wasn't the core entity at fault, and b) the response was likely as fast as reasonable, and once the situation was contained, it really, REALLY didn't take long for them to get a statement out that explained what the problem was, why it happened, and how it'll be prevented in the future, in addition to them doing the reaching out to any impacted parties for any needed reparations.

And as I mentioned before, there's a rather high probability the data that was exposed was already put out on the internet by the impacted party themselves.

That said, if someone does, indeed have something malicious happen to them due to the breach, then they absolutely have grounds to seek damages, but as-is, I'm not entirely sure(though of course, I'm not a lawyer) that Valve's handling of the situation is something one has a legal basis to hit them for. If anyone would actually, legally be on the hook, I'd presume it would be the caching provider, as they were the ones serving incorrect and compromised data.

So sure, I'm probably biased to be a bit more favorable to the techs in this because I've been on that end of things before, but at the same time, I'm unconvinced that people who always have their pitchforks and torches at the ready have any idea how this stuff works and are just chomping at the bit to hit the first thing that looks like a target, without consideration for what happened or what, if any, the repercussions are.

Make no mistake, leaked data is bad and I fully acknowledge that, but I just personally can't help but not put this in the same category as the Sony or Target leaks due to the nature of the leak, the scope of the leak, and the data that was compromised in the leak. A sister-category probably, but not the same one.

I don't know what the reasonable middleground is, to be honest. I know that any compromised user is a very bad thing, but I'm also aware that if we burned down every company that ever had a single user compromised for any reason, I don't think we'd have any companies left.

Maybe I'm just simply tired of seeing the internet rage machine at this point. I don't know.
Ok, I get that. But as one of those people who has no idea how that stuff works it looks like this. Beginning, middle, and end, it doesn't matter who actually failed because it was Valve's responsibility to secure that data. I didn't buy anything from a third party server service so these people who Valve contracted to secure the data have come under Valve's purview to secure both the user's and Valve's data. They failed and that responsibility is transferred to the thing on top. You know that saying shit rolls down hill and failure floats to the top... And I'm not looking to burn Valve down, not for this reason at least, just take a sizeable chunk out of their ass.
 

Areloch

Xeorm said:
It looks that way, but even just looking at responses here, you can see how people react: DoS attack->caching problem. Valve doesn't put much emphasis on that the caching problem was one of their own design, so people reading it don't see it either. Nor is there even an apology in the message.
Eh?

We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.
Pretty sure that's an apology. You may not believe it's any more sincere than your regular corporate speak and that's fine, but they did issue an apology.

Sarge034 said:
Ok, I get that. But as one of those people who has no idea how that stuff works it looks like this. Beginning, middle, and end, it doesn't matter who actually failed because it was Valve's responsibility to secure that data. I didn't buy anything from a third party server service so these people who Valve contracted to secure the data have come under Valve's purview to secure both the user's and Valve's data. They failed and that responsibility is transferred to the thing on top. You know that saying shit rolls down hill and failure floats to the top... And I'm not looking to burn Valve down, not for this reason at least, just take a sizeable chunk out of their ass.
Fair enough. As someone that's been on the other side, I can't say I agree, but I can definitely understand the reasoning.
 

Karadalis

Sorry but to everyone trying to absolve Steam because "3rd party" lol.

Their customers bought from Valve, gave their personal information to Valve and trusted that Valve would not fuck up.

Valve fucked up.

It doesn't matter that it wasn't one of their own code monkeys that fucked up, they were the ones that hired the 3rd party monkeys and they should have made damn well sure that those don't fuck up either.

As to the guy above that claims "what could ever happen?"

We live in a day and age where doxxing has become a REAL problem, where SWATTING has become an increasingly attractive thing for colossal douchebags, and it is only a matter of time till someone catches a bullet... I mean pets already get killed in those incidents when your dog decides to protect you from the invading dudes in tactical armor and guns shouting at you. You think those guys in SWAT will think twice about putting a bullet through your pet if it attacks them? Or you for that matter should you try to defend yourself?

And that is only the tip of the iceberg of shit people can do to you if they have your real name or only your phone number. If they have one of the two they will find out EVERYTHING about you.

Yes you might have that info posted somewhere on the internet for whatever reason, but before this no one could tie that information down to your Steam account, chances are more people on the net know you under one of your account names than your real name. But once they got your personal info it's open season.

Never underestimate the douchebaggery of internet trolls.

Valve fucked up royally and are even liable to a class action lawsuit in this case since they neglected to protect their customers' user data. Of course someone has to sue first, which in most cases like this won't happen, but that just shows that no... there's no difference.. it doesn't matter if it was a Valve employee or someone they outsourced them to. Valve is responsible for their customer data and no one else.
 

Strazdas

So they responded far quicker and clearer than Sony and didn't try to lie about it?

flying_whimsy said:
Well, at least Valve will have an out if the sale isn't very good: everyone got scared off by caching errors; it absolutely had nothing to do with the lack of flash sales or any really interesting gimmick.

That said, this caching error is pretty stupid: I'd have thought Valve had their ducks in more of a row than that.
Kinda. First Steam Sale in years where I didn't buy anything at all. Mostly because the things I wanted to buy weren't low enough and I don't really care about the rest. So doubt those gimmicks you mention would have helped either.

Steve the Pocket said:
There is a valuable lesson to be learned here for anyone in the Web development business: What if the store had been set up so that accessing any page as a given user actually logs you in as them for real? What if every page just blindly served a valid session cookie, allowing users to proceed from there to do anything they wanted?
This is why pretty much any store I ever used online has a re-validation when doing the actual purchase.

Sarge034 said:
If one malicious action is taken then it's one action too many and Valve, be it a third-party subsidiary's fault, should be held accountable. These people gave Valve sensitive information under the promise that information would be secure, it was not, and now heads need to roll. Simple stuff really, holding people accountable.
And they are held accountable by change of people's opinion of them, clearly. This was quite clearly a simple mistake of third party contractor that will be getting a lot of flack for this as it is. There is no need for beheading people.

Karadalis said:
You think those guys in SWAT will think twice about putting a bullet through you for that matter should you try to defend yourself?
Yes. Not only that, but SWAT did not even shoot when being shot at [http://bearingarms.com/oklahoma-police-chief-shot-apparent-swatting-raid-homeowner-wont-charged/]. SWAT people are not idiots that shoot first ask questions later.

And that is only the tip of the iceberg of shit people can do to you if they have your real name or only your phone number. If they have one of the two they will find out EVERYTHING about you.
My real name and email address is posted in my profile. Good luck.
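
Added example (not part of any post in this thread, and not a reconstruction of Valve's or its caching provider's setup): the scenario Steve the Pocket raises, a shared cache handing one user's personalised page and session cookie to another, next to a cache that refuses to store such responses and a checkout that re-validates as Strazdas describes. All names, paths, sessions and passwords are constructed.

```python
"""Added illustration: URL-keyed shared cache vs. one that refuses personalised
responses, plus re-validation at purchase. All values are constructed."""
import hashlib
import hmac

SALT = b"constructed-salt"
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}  # constructed sessions


def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


PW_HASH = {"alice": _kdf("a-pass"), "bob": _kdf("b-pass")}  # constructed


def origin(path, cookies):
    """Constructed origin server: /account is personalised by session cookie."""
    user = SESSIONS.get(cookies.get("session"))
    if path == "/account" and user:
        # Assumed flaw: no Cache-Control, and the cookie is re-issued per hit.
        return {"body": f"account page for {user}",
                "headers": {"Set-Cookie": f"session={cookies['session']}"}}
    return {"body": "storefront",
            "headers": {"Cache-Control": "public, max-age=60"}}


class NaiveCache:
    """Stores every response under the path alone, ignoring who asked."""

    def __init__(self):
        self.store = {}

    def storable(self, cookies, resp):
        return True

    def fetch(self, path, cookies):
        if path in self.store:
            return self.store[path]
        resp = origin(path, cookies)
        if self.storable(cookies, resp):
            self.store[path] = resp
        return resp


class CarefulCache(NaiveCache):
    """Stores only responses that are explicitly public and cookie-free."""

    def storable(self, cookies, resp):
        cc = resp["headers"].get("Cache-Control", "").lower()
        if "session" in cookies or "Set-Cookie" in resp["headers"]:
            return False
        return "public" in cc and "private" not in cc and "no-store" not in cc


def purchase(cookies, password):
    """Re-validate at checkout: a session cookie alone is not enough."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return "denied: no session"
    if not hmac.compare_digest(_kdf(password), PW_HASH[user]):
        return "denied: re-validation failed"
    return f"order placed for {user}"


def demo(cache):
    """Alice loads her account page, then Bob requests the same URL."""
    cache.fetch("/account", {"session": "sess-alice"})
    return cache.fetch("/account", {"session": "sess-bob"})


if __name__ == "__main__":
    print(demo(NaiveCache()))    # Bob receives Alice's page and cookie
    print(demo(CarefulCache()))  # Bob receives his own page
```

With the naive cache, Bob ends up holding Alice's session cookie, and the password check in `purchase` is what still stands between that cookie and an order placed in her name.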
 

Rattja

So many people seem to be up in arms about this, but all I can think about is that one guy out there that fucked up trying to deal with this. Imagine yourself being that guy, doing his stuff like routine, then types , instead of . or something like that and the whole system goes highwire.

It was a huge mistake, sure, but while I don't know much about coding and all that, I know enough that a small simple mistake like forgetting to add something or mistyping something can have giant ripples. So yeah, can't really be mad, I just feel sorry for the guy.
 

theSovietConnection

Strazdas said:
I'm not trying to start an argument here, but I do take issue with a couple of your points in regard to this.
Strazdas said:
Karadalis said:
You think those guys in SWAT will think twice about putting a bullet through you for that matter should you try to defend yourself?
Yes. Not only that, but SWAT did not even shoot when being shot at [http://bearingarms.com/oklahoma-police-chief-shot-apparent-swatting-raid-homeowner-wont-charged/]. SWAT people are not idiots that shoot first ask questions later.
I do agree, SWAT officers aren't idiots. But a lot of them do have a self-preservation instinct. Just because one officer in Oklahoma didn't shoot back doesn't mean that applies to the United States, nor in fact globally, which is how broad-reaching this issue affected. Do you think a Russian OMON squad might be as forgiving about a SWATting incident as this chief might be?

Strazdas said:
And that is only the tip of the iceberg of shit people can do to you if they have your real name or only your phone number. If they have one of the two they will find out EVERYTHING about you.
My real name and email address is posted in my profile. Good luck.
And were it only your real name and email involved in the leak, you'd likely be okay. A lot of people didn't have just that leaked though. And I'm going to guess the name in your profile likely isn't your full name, given most people have a last name.

Full disclosure, I had items in my cart that day. I had made purchases in the days leading up to, and indeed the day of, that leak. It's not just my real name and email that were potentially leaked, from what I have been able to gather.

My name, contact address, full email, paypal email, contact phone number, and country were all potential discoveries from that leak that day. And that's only because I used Paypal instead of my credit card directly, because I am completely averse to leaving my credit card info anywhere that isn't behind a wall. And yes, I know if Paypal were hacked, that all of that information would be leaked, but at this point, reducing it to one website as opposed to several is a risk I'm fully accepting of.

So, are you fully willing to share your full name, email, contact phone number, physical address, and Paypal associated email/last four numbers of your credit card right here, where anyone with a Steam account can see it?

Because if you aren't, then no. Your first name and email address on your Escapist profile is not the same as the personal information that was potentially leaked. And I wish people would recognise that.
 

Strazdas

theSovietConnection said:
I do agree, SWAT officers aren't idiots. But a lot of them do have a self-preservation instinct. Just because one officer in Oklahoma didn't shoot back doesn't mean that applies to the United States, nor in fact globally, which is how broad-reaching this issue affected. Do you think a Russian OMON squad might be as forgiving about a SWATting incident as this chief might be?
Nor will all people swatted be shooting at officers barging in the door. The point is that SWAT, or OMON or whatever other local team you want are specifically trained to assess situations quickly and don't just randomly shoot all civilians.

And were it only your real name and email involved in the leak, you'd likely be okay. A lot of people didn't have just that leaked though. And I'm going to guess the name in your profile likely isn't your full name, given most people have a last name.

Full disclosure, I had items in my cart that day. I had made purchases in the days leading up to, and indeed the day of, that leak. It's not just my real name and email that were potentially leaked, from what I have been able to gather.

My name, contact address, full email, paypal email, contact phone number, and country were all potential discoveries from that leak that day. And that's only because I used Paypal instead of my credit card directly, because I am completely averse to leaving my credit card info anywhere that isn't behind a wall. And yes, I know if Paypal were hacked, that all of that information would be leaked, but at this point, reducing it to one website as opposed to several is a risk I'm fully accepting of.

So, are you fully willing to share your full name, email, contact phone number, physical address, and Paypal associated email/last four numbers of your credit card right here, where anyone with a Steam account can see it?

Because if you aren't, then no. Your first name and email address on your Escapist profile is not the same as the personal information that was potentially leaked. And I wish people would recognise that.
The person said that knowing only my name is enough to find out everything about me. This is patently false. The name in my profile is my first name but you could easily google my second one just by my nick alone. It's no secret.

As for your list of information:
Name - no.
Contact Address - only if you explicitly entered it, which I actually never heard anyone do on Steam as it's not needed. Unless you need it for tax reasons or something.
Email - if you have entered contact email. Most people do.
Paypal email - yes, if you have linked your Paypal account to your Steam account. Note that you do not have to link accounts to purchase from Steam via Paypal. If you do not link you will have to enter it every time you make a purchase though. For most people it will be the same email as above.
Phone - no, only last 4 digits.
Country - yes.
If you used credit card, only the last 4 numbers of your credit card number would be visible, making it unusable. (I also have same policy with Paypal as you btw).

My full name and Email is no secret. My physical address can be found in a phone book or public registry. I do not share my phone solely because I use it as minimally as I can, I'd rather people email me instead.

I was not equating my information to that leaked on Steam, I was calling out the nonsensical statement that having only someone's name is enough to find out EVERYTHING about them.