Steam hacked

[Soviet]

All usernames, emails, passwords, billing addresses and payment info was stolen.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

Learn to read?

[[SoE]_Zaitsev]

I've read it earlier today, just have to change passwords to be safe.

[iCYsoldier]

FFS

[Sonic]

Good thing I don't use steam.

[F |Madness| U]

Tryed to log onto my email address connected to my steam (very old email address) and said that my account is blocked, don't know if this is because of steam or not, but may be worth checking your email account that is linked to steam.

[Pedsdude]

Changed my password + secret question. AFAIK I've only ever used PayPal to buy games on Steam, not card details, so should be alright.

[ultralala]

there is something called Steamguard. Nobody is able to enter your steam account from a different machine if your email is safe

[[SoE]_Zaitsev]

What Ultra said.

[Drofder2004]

All usernames, emails, passwords, billing addresses and payment info was stolen.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

Learn to read?

Not sure what you are getting at.

1. Just because the stuff was encrypted, hashed or salted it doesnt mean it will be impossible to decrypt the data.
2. Emails and home addresses with REAL names... You can change your passwords all you want, but you could easily be on the receiving end of more attacks. Spam/phising emails, spam/scam snail mail.

For a company as large as this, security I would fee should be top of the interests tree.

"We do not have evidence" - Tip #1 in the guidebook to theft, is don't leave evidence, its hardly convincing that the lack of evidence is a sign of no problems...

[<LT>YosemiteSam[NL]]

Never bought anything on steam, so I'm in the clear

[Soviet]

Not sure what you are getting at.

1. Just because the stuff was encrypted, hashed or salted it doesnt mean it will be impossible to decrypt the data.
2. Emails and home addresses with REAL names... You can change your passwords all you want, but you could easily be on the receiving end of more attacks. Spam/phising emails, spam/scam snail mail.

For a company as large as this, security I would fee should be top of the interests tree.

"We do not have evidence" - Tip #1 in the guidebook to theft, is don't leave evidence, its hardly convincing that the lack of evidence is a sign of no problems...

So because you've reached this conclusion that it is possible for them to have committed these actions without the knowledge of Valve, it can therefore be determined with absolute certainty that they did in fact take all this data and are in fact capable of decrypting it all? What KS did is essentially the same as a news station taking an article saying "there is a witness saying Person A was seen at Terrorist Attack B" and turning it into "Confirmed: Person A Blows Up B." It's baseless, sensationalized bullshit.

And yes, I'm taking Steam's side, so don't fucking start. I figured it's only fair given the idiotic banter of single-minded simpletons picking a side on baseless and irrational pretenses.

[Drofder2004]

Fine, Sam said "stolen" when technically speaking we have no evidence of it leaving the building.
But how many people here would allow a known thief wander around your house, opening your drawers and cupboards?

Facts:
1. Valve was hacked
2. The forums were defaced/changed
3. Some accounts were compromised
4. The database containing personal detail was accessed

Currently unknown
1. Whether the data was downloaded
2. Whether the hackers are able to decrypt our card details

Reasonable assumption:
1. If accounts were compromised, then the database was accessed and passwords were (most likely) changed to allow for access to accounts
2. Valve is not doing everything in its power to keep the database secure
3. IF the database was downloaded, it would be reasonable to assume malicious intent, either involving fraud, spam or information selling.

Making a reasonable assumption is not a stupid idea, living with hindsight is moronic however.
Better to be safe, than sorry.

If you feel safe enough to continue using the same passwords, then thats up to you, but VALVE has asked us to change our passwords and any site where you may have used the same password. They have done this for a reason, damage limitation or more knowledge than released, thats up to you to believe.

[Soviet]

The only company I've seen that hasn't lost to hackers so far is Facebook, and even that is controversial. Steam being another doesn't necessarily speak well for them, but it also doesn't put them in some unique group by themselves.

You can assume the worse all you want and it is wise to, but to state unfounded results as distinct facts is sensationalizing.

Also, as stated previously in the thread, Steamguard + Paypal. It doesn't effect me.

[Drofder2004]

Correct, they are not unique. I would be just as pissed at any and every other billion dollar company not protecting my data.

[Soviet]

Again, big difference between not protecting and failing to protect.