Steam Databases Compromised; Password Changes Recommended

Rob Williams

Editor-in-Chief
Staff member
Moderator
If you have an account over at Steam or are a member of the forums there, consider this a PSA. On Sunday, the Steam forums were compromised by a group known as 'Fkn0wned', and announcements were altered to link back to their website. At the same time, the group used vBulletin's built-in mass-mailer feature and sent spam to many members (including me).


Read the rest of our post and then discuss it here!
 

Rob Williams

Editor-in-Chief
Staff member
Moderator
I think I made a mistake... the e-mails seem to have just gone out to the press. Not ideal...
 

Kougar

Techgage Staff
Staff member
The database was encrypted... but as I've told a few people that pointed it out, how often does your credit card number change? A year or two from now most people will still have the same CC information, so any brute force attack on the database is still a strong concern.

I didn't get one, either. Just the notification when I opened up Steam.

Some people have not even received those! I have not received any email OR steam notification about this... utterly unacceptable, because it means others haven't as well.
 

Rob Williams

Editor-in-Chief
Staff member
Moderator
Did you turn off notifications in Steam? If you do that you won't get the pop-up (Settings > Interface > Notify).
 

Optix

Basket Chassis
Staff member
No credit card info in my account anyway since I haven't bought a game through them yet. Hehehe. I'm cheap but I'll still be changing my passwords. I use the same password for too many sites so it's about time I step up and protect my info.
 

RainMotorsports

Partition Master
The database was encrypted... but as I've told a few people that pointed it out, how often does your credit card number change? A year or two from now most people will still have the same CC information, so any brute force attack on the database is still a strong concern.

Actually Bank of America just sent people out new cards due to an unrelated case of card number theft. I haven't used it on the account yet.
 

marfig

No ROM battery
Mine's turned on, no notification for me.

Yeah. But even if it was turned off, this is the one type of notification that should trump that setting.

No email here either. No excuses. The fact this information is being sent to the press only (and apparently only to a small number of users) is not good. Unacceptable even.

I don't want to think Valve is going to start being callous about security issues in what it pertains to informing their customers. Yeah, it's always an embarrassment to be hacked. Especially when you are such a high profile service. But suck it up! Don't start spreading the seed of mistrust and fear within your user base. (And no, not everyone uses the steam forums to see that message).

Thankfully the Steam lot is, generally, an informed community that follows news sites and catches up to these pieces of news quickly. But it's quite unacceptable from a customer point of view that I learn of the Steam hacking from a news site and not from the company providing the service. This is exactly the behavior we condemn on so many other services. Is Steam one of them? Well, for sure they were with this one.

EDIT: I changed my password to NotSoSecured,AreWeSteam?. But let this never happen again. Or next time it will be GabeNewellIsFullofItAndI'mASuckerToBelieveInAllThatCrap.
 

Kougar

Techgage Staff
Staff member
Actually Bank of America just sent people out new cards due to an unrelated case of card number theft. I haven't used it on the account yet.

Hah, well I guess there's a silver lining for you then! But most CC's just don't change unless it was stolen and replaced already. Which means I'm probably jinxing myself by saying I've had the same CC numbers for more than just a few years now....

Did you turn off notifications in Steam? If you do that you won't get the pop-up (Settings > Interface > Notify).

I'm not that stupid! Well, usually. ;)

If anyone leaves Steam running in the systray and never reboots their system except once every few weeks, then they don't receive ANY notifications unless they restart the program first. Small oversight in design, but in a case such as this where they are pushing more than sales and event advertisements through it, it becomes a problem. But as Marfig said, an issue such as this should trump a disabled notification setting regardless.

I made sure to inform my immediate friends, but quite a few hadn't heard about this yet either.
 

RainMotorsports

Partition Master
If anyone leaves Steam running in the systray and never reboots their system except once every few weeks, then they don't receive ANY notifications unless they restart the program first. Small oversight in design, but in a case such as this where they are pushing more than sales and event advertisements through it, it becomes a problem. But as Marfig said, an issue such as this should trump a disabled notification setting regardless.

I made sure to inform my immediate friends, but quite a few hadn't heard about this yet either.

Probably why I didn't get it either. My friend that I informed is the same way and usually 2 days behind me on the news.

Oh is my free year of identity theft protection from the PSN deal still ticking or has it been a year yet? I don't think I even completed the sign up sadly.
 