
Steam security issue revealed personal info to other users on XMas Day (fixed)

Sianos

Member
Er...didn't they just launch 2 hardware products? Guessing they have OS updates too. Not fair to keep painting them as just hat makers.
True, and when they do create games I always love their spark of originality and level of polish.

But their lack of coordination creates many problems, from retroactively destroying beautiful art styles to poor balancing decisions to nonexistent customer service.

Some of this is due to growing pains as they expand into hardware, but honestly Valve has always been terrible about this.

If Valve didn't have so many brilliant moments I wouldn't care at all, I want for them and their creativity to flourish - but part of that is pointing out recurrent problems.
 

therapist

Member
Phone can be intrusive if people want to harass you. Last 4 of credit card is worthless.

No, it can be used to get more information - it's not useless, especially accompanied with a name / address / last 4 of phone number.

It's sad that Valve hasn't even made a statement. I think that's what most people are upset about, and it's justified.
 

Reg

Banned
Just woke up. Any official response? Should I change my credit card info?

edit: aight no response from valve. Pretty damn pathetic.
 

d1rtn4p

Member
Being able to view someone else's account is a huge issue.

Why? I mean, besides a breach in confidentiality, which I agree can have some contractual or privacy related impacts for Valve. I guess if you want to try hard enough, you might be able to social engineer a Valve rep, but to what end result?

Probably cause I've done IT security for some of the largest companies out there for so long, I might be desensitized to this stuff.
 

fantomena

Member
I bet Valve is not saying shit about the security fuckup in hope that everyone forgets it.

Fuck Valve. No apology, no official response, not anything.

That a 3rd party (SteamDB) is what kinda turned into being Steam's PR is pathetic by Valve.
 

Diffense

Member
Phone is added to a pool using some other identifier (any piece of related data like postal or zip code) and then sold to canvassing companies. Those companies are under no obligation to keep your info safe and can sell it onto others, and so on.

What people don't seem to get is that the fact that the data is linked is more important than the individual pieces. As a result of this breach someone will know a name, address, email, and possibly part of a CC number all linked to a Steam account. That's very different from learning a random email address or getting a random CC number.
 

Reebot

Member
Valve's "response" is absolutely unacceptable. Hopefully the EU can threaten them with legal action because that's the only way I see them finally fixing their broken customer service.

In just about any western legal system I'm familiar with this is an open and shut case for the consumer. Valve has really screwed the pooch.
 
Valve has always been utter shit at anything involving the community. Every time they do something, they'd rather let the community manage themselves and keep their hands off approach, until they are "forced" to do or say something.

Let's see what they will say this time after 24hrs+
 

cyba89

Member
Probably cause I've done IT security for some of the largest companies out there for so long, I might be desensitized to this stuff.

Wait a minute. You're into IT security for large companies and say stuff like phone number or last 4 digits of credit card is worthless?
 

Savitar

Member
Why? I mean, besides a breach in confidentiality, which I agree can have some contractual or privacy related impacts for Valve. I guess if you want to try hard enough, you might be able to social engineer a Valve rep, but to what end result?

Probably cause I've done IT security for some of the largest companies out there for so long, I might be desensitized to this stuff.

I'm not calling BS but......I'm calling BS.
 

DeepEnigma

Gold Member
Valve has always been utter shit at anything involving the community. Every time they do something, they'd rather let the community manage themselves and keep their hands off approach, until they are "forced" to do or say something.

Let's see what they will say this time after 24hrs+

Don't worry, their community is writing up their PR response as we speak. ;)
 

Hedja

Member
How is there not a giant message on Steam right now? This is absolutely nuts.

Knowing how slow and poor Valve's customer service is, they are all probably on Christmas break and there's no one capable of putting out a statement of that sort. This isn't even the first time it happened. In fact, their silence is completely normal and expected.

It just sucks that they have such a huge monopoly and we don't have an alternative we can use to protest their horrible service. It's one of the best examples of why competition is a good thing.
 
Why? I mean, besides a breach in confidentiality, which I agree can have some contractual or privacy related impacts for Valve. I guess if you want to try hard enough, you might be able to social engineer a Valve rep, but to what end result?

Probably cause I've done IT security for some of the largest companies out there for so long, I might be desensitized to this stuff.


Wait a minute. You're into IT security for large companies and say stuff like phone number or last 4 digits of credit card is worthless?

Wow. This is like one of those nightmare network guy stories you would read about on /r/TalesFromTechSupport
 

Sianos

Member
Hey, if you worked in security you wouldn't want people to be paranoid about everything, right? It would make your job harder. :p

Any leak of personal information is unacceptable, even if in this case it wasn't as much of a disaster as it could have potentially been. Yeah, it could have been even worse in terms of what was leaked such as full credit card numbers, but this is still unacceptably bad.

Basically, saying "well only some of your personal information was leaked as opposed to all of it" does not excuse the situation, even if all of it being leaked would have indeed been worse.

This is directed at the point "phone number and address is bad, but what about..."
 

Arthea

Member
This thread gave me a headache. I don't know, can people be so naive or so ignorant? Seems not possible.

No, our personal info isn't available for everyone that wants it on the web.

No, it's not "nothing" or "not a big deal" if your personal info, especially all of it, is available for all to see.

Some people may freely share their personal info and be fine with it, but many aren't.

Yes, breaches happen all the time, it happens to many services, it doesn't make it right or not a big deal. On the contrary, it is a big deal, that's why companies spend millions on security measures.

Do you know how much harm can be done with this much personal information?

Do you know how all those so exposed people feel right now? Can you perhaps imagine it?

It's not OK to just brush it aside, as if nothing happened.

Trust is really hard to earn and extremely easy to lose, online too.
 

daviyoung

Banned
What people don't seem to get is that the fact that the data is linked is more important than the individual pieces. As a result of this breach someone will know a name, address, email, and possibly part of a CC number all linked to a Steam account. That's very different from learning a random email address or getting a random CC number.

That's it. There are companies dedicated to capturing these lists. They may just have an email, well now they have an email AND a phone number. When they get a phone number AND an address they have all 3 and you start to get a profile built for you for the purposes of marketing and canvassing and harassing and, in worst case, fraudulent activity and other crimes. None of this is of your choosing.

Valve gave this a good boost last night if someone saved any info and passed it onto the right people.
 
Why? I mean, besides a breach in confidentiality, which I agree can have some contractual or privacy related impacts for Valve. I guess if you want to try hard enough, you might be able to social engineer a Valve rep, but to what end result?

Probably cause I've done IT security for some of the largest companies out there for so long, I might be desensitized to this stuff.

Is one of those companies Valve by chance?
 

d1rtn4p

Member
Why? I mean, besides a breach in confidentiality, which I agree can have some contractual or privacy related impacts for Valve. I guess if you want to try hard enough, you might be able to social engineer a Valve rep, but to what end result?

Probably cause I've done IT security for some of the largest companies out there for so long, I might be desensitized to this stuff.

Wait a minute. You're into IT security for large companies and say stuff like phone number or last 4 digits of credit card is worthless?


Well. You going to give me a use case to be concerned with? Whole credit card numbers go for about a quarter on the black market. Useless without the expiration date and CVV code.

Throw in an address and phone number, I'm trying to think what someone could infer from that. My account could have been compromised because of this and I'm just not worried yet :)

Now if they get something like your social and your name, birth date, and zip code, then you could have identity theft problems.
 
Well. You going to give me a use case to be concerned with? Whole credit card numbers go for about a quarter on the black market. Useless without the expiration date and CVV code.

Throw in an address and phone number, I'm trying to think what someone could infer from that. My account could have been compromised because of this and I'm just not worried yet :)

Now if they get something like your social and your name, birth date, and zip code, then you could have identity theft problems.
Fuck off. We have a real issue here and you're playing corporate apologist while claiming to work for a huge IT security firm. I also work for a "huge web host" and we get daily attempts of people using names, email addresses, and last 4 of their CC to social engineer access to accounts.
 

cyba89

Member
Well. You going to give me a use case to be concerned with? Whole credit card numbers go for about a quarter on the black market. Useless without the expiration date and CVV code.

Throw in an address and phone number, I'm trying to think what someone could infer from that. My account could have been compromised because of this and I'm just not worried yet :)

Now if they get something like your social and your name, birth date, and zip code, then you could have identity theft problems.

...
I really don't know if you're serious or just trolling us all.
 

inky

Member
Mmmmm...I'll stop then. Simply trying to give people some comfort. I can tell the mob just wants blood at this point. Understandable.

Hmm, no.

People just want fools like you to:

a) Stop spouting bullshit
b) Valve to communicate better

none of which seems likely to happen soon...
 

Sianos

Member
Mmmmm...I'll stop then. Simply trying to give people some comfort. I can tell the mob just wants blood at this point. Understandable.
Due to the nature of this particular leak I don't think there is a widespread threat of identity theft, but for those who were compromised and especially victims of harassment there is an unacceptable threat posed.

I don't think much will come of this particular incident, but at the same time the leak could have been much worse and is still unacceptable.

There's a line between telling people not to panic on a wide scale because of the random nature of the leak and discounting the leak as what could have been a very serious incident that even as it was will still have some repercussions.
 

Dr.Acula

Banned
Look at Chipotle. The problem for Chipotle isn't that people got sick, it's that they don't know what caused the sickness. They're cooking onions, bagging chicken, pre-chopping tomatoes, throwing the cilantro on the rice, they're scrambling.

To all the people that don't "get it," the fact that information that Valve wanted to keep private, suddenly became unprivate is a huge issue. Is this a simple issue where someone forgot to flip a value at the end, or is some system for handling customer data flawed at a very low level? I don't know, but Valve should know. They need to explain why the breach happened, not just acknowledge that it happened.

Fry them onions, Valve.
 

dude

dude
Just to be clear - If I use PayPal to pay for stuff on Steam, I only need to worry about my email and name being out there because of this, right...?

Man, Valve fucked up bad on this... How can they not release some statement, to at least inform me whether I have anything to worry about?
 

cyba89

Member
Mmmmm...I'll stop then. Simply trying to give people some comfort. I can tell the mob just wants blood at this point. Understandable.

This "mob", as you call it, are concerned customers of Valve's service whose personal data has been potentially exposed.
And they don't want blood, they want the people responsible for this (Valve) to come out and communicate details about this particular incident regarding their personal data.

And that's not even addressing all the Steam users who, until now, do not even know this incident happened, because Valve communicated absolutely nothing through official channels.
 

RM8

Member
I love Steam because it's cheap and has tons of games, but I can't see how anyone would "fanboy" Steam. It's a store and that's it, they deserve heat for this and people shouldn't be defending them.
 

DeepEnigma

Gold Member
I love Steam because it's cheap and has tons of games, but I can't see how anyone would "fanboy" Steam. It's a store and that's it, they deserve heat for this and people shouldn't be defending them.

It is the PC/Valve connection more so.
 

kitch9

Banned
How could this happen on Christmas day of all days?

You'd think that the last thing they would be fucking about with on that day is cache configuration...
 
It is the PC/Valve connection more so.

Sadly, it is this.


I didn't see it at all here, but on Reddit I saw a lot of posts saying that something like the PSN breach would not ever happen on PC.

While it is not the same, the fact that it happened and showed sensitive information is quite alarming.
 

Boogdud

Member
Wait a minute. You're into IT security for large companies and say stuff like phone number or last 4 digits of credit card is worthless?

Well I am literally an IT security specialist for a Fortune 100 company and I can confirm, people's heads would roll for this. ...perhaps even literally. Anyone that says they're an "IT security" for large companies and isn't deeply concerned about this incident is in the wrong business.
 

Big-E

Member
Thread title says this is fixed, is it or isn't it? Reading the latest updates is confusing as it makes it sound like it's still broken.
 