Is anyone else having trouble logging in through the Steampowered site? I tried to login a few hours ago but I never received a Steam Guard e-mail. I've tried several times, of course. The Steam support page says that it can take up to three hours to recieve the e-mail, so now I'm going to contact their helpdesk. I hope it's just a bug or something and that noone has changed my Steam account's e-mail address...
edit: maybe i won't contact them after all, now that i've read that people have had lots of problem with steam overall
edit2: lol, it's even mentioned in that kotaku article *facepalm*
Kotaku now has another article up where the issue and the lack of communication by Valve is mentioned in the second half.
Steam Problems Linger After Christmas Fiasco
Heres hoping Valve clears up these issues soon. Heres hoping they also come to realize that you cant run a 125 million user (and counting) service like you would a game development project. Youve gotta be communicative round the clock and timely when addressing issues. Ive heard multiple Valve employees pose the (paraphrased) question, Why sit around saying things when we could use that time to fix problems, make stuff, or improve the service? But when youre running a storefront/service, thats a false dichotomy. Communication and speed are simply part of the service you offer. If its not there, you can have all the cool features in the world, but still offer a sub-par service. The short version? You cant run a store in Valve Time. Not when its as ubiquitous as Steam, anyway.
The kotaku article mentions mobile client verification work around, does anyone know how to do this?
That sort of response articulates exactly what's wrong with Valve right now. Just tinker away, fix the issue and pretend that communication doesn't need to happen.
Grayson is absolutely correct in this article. You can't just engineer/develop/fix away the need to communicate to your customers. Valve's eccentric nature simply cannot apply to security breaches, storefront problems and everything else that Steam encapsulates.
I completely agree with them; not their fault if customers are too irrational to realize that the time would better be spent just fixing the issue. If they lose customers because of it, I guess its their problem, but I have a feeling that their core business is strong enough that they probably won't feel a hit.
I completely agree with them; not their fault if customers are too irrational to realize that the time would better be spent just fixing the issue. If they lose customers because of it, I guess its their problem, but I have a feeling that their core business is strong enough that they probably won't feel a hit.
This attitude is fine for a while if you have a stranglehold on a market like Valve does, but eventually it just leaves you open to smaller innovators who will copy what you did but provide it cheaper or with better service.I completely agree with them; not their fault if customers are too irrational to realize that the time would better be spent just fixing the issue. If they lose customers because of it, I guess its their problem, but I have a feeling that their core business is strong enough that they probably won't feel a hit.
What are you talking about? IT specialists aren't doing PR, nor PR/Support does anything to fix the issue. Valve does not need to shift resources from fixing problems to give an official statement of the situation.
Valve can't just fix the security breach and walk away like nothing needs to be said. Half the "fix" in this situation is informing users of the breach as soon as possible - especially the ones known to be affected - and telling them what was accessed and how bad or good the situation looks. This takes priority over getting the store back up.
This isn't just playing around with a little hobby website on the side, where technical issues are no big deal. This involves a storefront, with monetary value and personal data involved. Proper channels of communication is bare minimum stuff when playing with big boy software, something Valve might want to pretend they're not involved in producing.
This attitude is fine for a while if you have a stranglehold on a market like Valve does, but eventually it just leaves you open to smaller innovators who will copy what you did but provide it cheaper or with better service.
Business 101.
Does Valve even have dedicated PR? Last I checked they did not, so yes, you're asking them to shift resources that could otherwise be allocated to more support, IT or development.
Sure they can. If the issue is fixed, that's that. You can't un-breach the information, and informing users has of it has already occurred. Any sort of messaging afterwards is simply a PR requirement and nothing more; if they choose not to do it, fine. If people want to be compensated for the breach or some shit, that will happen regardless of whatever message they put out. If people want to stop using Steam because they want to hear PR, fine, that's obviously a risk Valve is willing to take. All this outrage over how they run their business is ridiculous.
Definitely, but that's Valve's problem. People saying they're angry on a personal level and 'Valve needs to get their shit together' make no sense to me.
Informing your customer base their information has been leaked by your shoddy storefront within an acceptable timeframe is a requirement of many governing bodies around the world and I hope they drag Valve's feet over molten rakes.
There's no defending this level of 'swept under the carpet', especially with an absurd line like "well Valve hasn't bothered to pay a PR/Customer Support outlet a wage, so what can you do!!".
If this was any other corporation they would be getting it both barrels right now. Shameful.
They released a statement within hours, did they not? Or am I misinformed? What is an acceptable timeframe to you / these governing bodies?
Sure they can. If the issue is fixed, that's that. You can't un-breach the information, and informing users has of it has already occurred. Any sort of messaging afterwards is simply a PR requirement and nothing more; if they choose not to do it, fine. If people want to be compensated for the breach or some shit, that will happen regardless of whatever message they put out. If people want to stop using Steam because they want to hear PR, fine, that's obviously a risk Valve is willing to take. All this outrage over how they run their business is ridiculous.
How safe is it to tie my mobile phone to my account. Should I do it?
I'd only do it if it provides extra security.
They released a statement within hours, did they not? Or am I misinformed? What is an acceptable timeframe to you / these governing bodies?
They released "a statement" to Kotaku and then that statement was either released to or picked up by other gaming websites.They released a statement within hours, did they not? Or am I misinformed? What is an acceptable timeframe to you / these governing bodies?
Things that are wrong with this statement:Valve said:Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.
It's time for valve to start hiring.
I haven't put a lot of thought into it (would have to weigh the demonstrative / moral benefits of that kind of boycott versus what I'd be giving up and whether or not they'd be likely to get the message). As I mentioned earlier in response to bjork, reacting to a security breach by updating your belief about the likelihood of future security breaches is a little silly irrespective of who it is. That's just basic inference; you don't evaluate an airline's safety based on the date of its most recent crash, but rather based on its safety record. So I don't think people are likely to be hacked tomorrow. But I think what you're driving at is not the specific security risk but rather the indignity of Valve's inability to respond in a helpful way.
The number one thing I'm thinking reflecting on this is to start using fake addresses/names wherever I register online. Providing accurate information doesn't seem to benefit me in any way and providing inaccurate information keeps me safe in the event of a breach.
Things that are wrong with this statement:
- No mention of the fact personal information was compromised. "Pages generated for other users" could mean anything (wishlists? Marketplace?), and I suspect it has been left deliberately broad to attempt to sweep the issue under the carpet.
- "A period of less than an hour" - There was evidence available well before this demonstrating the problem was around for a longer time period.
- "No unauthorised actions were allowed on accounts" - while this may be the case, no mention of the possible security implications of the leaking of personal data.
- No apology
It's time for valve to start hiring.
The silence is why I'm done buying games through Steam. I could forgive the original issue, but the silence makes Valve a shit company as far as I'm concerned.
Is anyone able to get an email from steam (code) to verify your account when logging in via web?
I never receive the email :/
So i cant login, only in the client software..
I am personally very disappointed in Valve's handling of this fiasco. Here is a problem, what are the alternatives?
It's not a necessity in any legal sense, in that they won't get in any trouble over it, but they absolutely should apologise. Causing your customers' private personal information to leak and then going "Move along now, nothing to see here" isn't acceptable, and they should be acknowledging that along with the rest of the points people have raised since their piss-poor 'statement'.I don't even think the apology is necessary.
I specifically remember receiving shit for suggesting that Steam needed competition (from everywhere, not just on GAF) for the simple reason that they can fuck up and we need other major players.
Hell, it's why I hoped Microsoft would get off their ass and directly compete with them. The fact that we didn't get a store wide warning at first really pissed me off.
They replied to a games website when quizzed for a quote. They sent out no blanket email to their millions of customers to make sure those not dick-deep into internet messageboard culture were aware anything happened whatsoever.
Basically they're going to be in deep embarrassing shit and deserve to get a 6 figure fine just to buck their ideas up.
The users have not been informed. They released a statement to Kotaku that went against most users experience of the breach and answered no questions. I mean, on this very page we have Stump contacting Tech Support with very reasonable questions about the nature of breach that he has yet to have answers for.
This isn't a PR requirement. This is a technical requirement that resolves around people's right to know what happened to their formerly private data - which they gave to Steam with the understanding that it would remain private. The data cannot be unbreached, therefore the next fix on the agenda is to contact the users involved and/or release a public statement. Informing the users is part of the technical fix for security breaches.
That statement contains false information, basically ignores the exposure of personal user data and was not put out through any of their official channels.
Well, GoG and Origin are working on it but both have issues. Not sure EA is better then Valve but they are at least more professional.
I am personally very disappointed in Valve's handling of this fiasco. Here is a problem, what are the alternatives?
-GoG: limited game selection, no two-factor auth of any kind. No ability to purchase "GoG cards" if needed.
- Origin: limited game selection, sales are meh, two factor is there with phone verification I believe.
- Uplay: Hah
- Humble/Amazon/etc: not storefronts.
So it's an issue as Steam is the only solution for a lot of games. It's annoying for certain. Personally I am changing my info to fake, using steam guard on work phone vs personal and using steam cards instead (from now on).
I will also endeavor to purchase games on GoG first but they are vulnerable as well, IMO, just not targeted.
It's not a necessity in any legal sense, in that they won't get in any trouble over it, but they absolutely should apologise. Causing your customers' private personal information to leak and then going "Move along now, nothing to see here" isn't acceptable, and they should be acknowledging that along with the rest of the points people have raised since their piss-poor 'statement'.
It's almost impressive how many faults there is with that short statement.They released "a statement" to Kotaku and then that statement was either released to or picked up by other gaming websites.
At no point did they deem it necessary to inform their actual customers, and they still haven't. If those customers don't read Kotaku/Gamespot/[insert site here], they will be none the wiser about what has happened.
That's not to mention the actual statement was woefully inadequate, contained misinformation, and omitted crucial details (possibly deliberately?). Valve's statement:
Things that are wrong with this statement:
- No mention of the fact personal information was compromised. "Pages generated for other users" could mean anything (wishlists? Marketplace?), and I suspect it has been left deliberately broad to attempt to sweep the issue under the carpet.
- "A period of less than an hour" - There was evidence available well before this demonstrating the problem was around for a longer time period.
- "No unauthorised actions were allowed on accounts" - while this may be the case, no mention of the possible security implications of the leaking of personal data.
- No apology
A more accurate statement would be: "a caching issue allowed anyone with internet access to see pages generated for random Steam users"a caching issue allowed some users to randomly see pages generated for other users
Sure they can. If the issue is fixed, that's that.
How safe is it to tie my mobile phone to my account. Should I do it?
I'd only do it if it provides extra security.
I specifically remember receiving shit for suggesting that Steam needed competition (from everywhere, not just on GAF) for the simple reason that they can fuck up and we need other major players.
I specifically remember receiving shit for suggesting that Steam needed competition (from everywhere, not just on GAF) for the simple reason that they can fuck up and we need other major players.
Hell, it's why I hoped Microsoft would get off their ass and directly compete with them. The fact that we didn't get a store wide warning at first really pissed me off.
I specifically remember receiving shit for suggesting that Steam needed competition (from everywhere, not just on GAF) for the simple reason that they can fuck up and we need other major players.
Hell, it's why I hoped Microsoft would get off their ass and directly compete with them. The fact that we didn't get a store wide warning at first really pissed me off.
The shift in attitudes has been slow. Suggesting that Steam needed competition five years ago (or even three) resulted in being labeled entitled or ignorant of how PC gaming used to be. A few years later and people are coming around a bit more, but not by much and not by a significant amount, it seems.
Even people that are pretty dedicated fans of Steam should want competition. Valve being pushed to make Steam a better platform (and in some cases like CS, a competent platform) is good for everybody.
the only problem with competition is people expect you to use it, and so far none of the alternative gaming services have been worth a damn.
But steam hasn't made the best of this, and I'm not happy with what happened or how Valve has responded.
Eh, I think Origin's pretty good, and the occasional on the house game is pretty sweet. Customer Service is also light years beyond Steam and GoG.
Even people that are pretty dedicated fans of Steam should want competition.
Eh, I think Origin's pretty good, and the occasional on the house game is pretty sweet. Customer Service is also light years beyond Steam and GoG.
EA has decent customer service and origin is fine. I hope I never have to use vavle's customer service.Well, GoG and Origin are working on it but both have issues. Not sure EA is better then Valve but they are at least more professional.
I'd imagine that there are few positions that have recently opened up.
I read on the steam community hub a lot of people started receiving phone calls and spam mails after this mess, and still Valve says nothing.