
Steam security issue revealed personal info to other users on XMas Day (fixed)

Woffls

Member
I think removing pre-authorisation from a linked PayPal account is a good idea. Don't know how it would do anything but prevent transactions from being authorised.

If this is a caching issue, then presumably we just want to avoid doing anything with our accounts, because the pages will end up being cached and, therefore, exposed. [edit] Unless you do actually manage to remove information, because that would hopefully flush out the old cached data. Seems difficult to change your own settings, though, so may not be worth trying.
 

Joqu

Member
Yeah, things are down for me too now. FINALLY

Why the fuck did it take them so long?? They better give us some answers after this
 

RyanW

Member
So just to be sure, nothing can be done with the limited info that's viewable, right? And nothing can be bought by other people with your account or is that still unconfirmed?
 

Haunted

Member
I didn't get any emails from Steam Guard or Valve so it doesn't look like anyone tried anything with my account (phew), but it's damn scary to know that the information is out there and possibly accessible by someone.
 

Anteo

Member
I'm guessing if I don't do anything I should be fine? Anyways the worst they could do is get my Steam email account. Passwords are different, I'm using a debit card and it doesn't allow for overdraft, I got like 2 dollars on it.

Can I play games?
 

BHK3

Banned
As if PSN hadn't been massively attacked and breached in the past. Take that console war shit somewhere else.

Yet every Christmas everything gets taken down and shit gets slowed down on all fronts. PSN nothing was stolen, just no online for a month, chill out.
 

RoyalFool

Banned
Some people say it's a caching issue, but what's the point in caching the transaction list from a server point of view? Every user has got its unique page and I doubt it is a page with heavy traffic.

Does that mean that if I haven't visited that page in a while my account details will be safe?

Yes, and normally you have server side caching somewhere (or something like steam probably even has a proxy cache somewhere). Then when you generate a page you set a header which tells it if it's safe to cache or not. It's likely an automated update fucked part of this up so it was just caching account pages which, for the reason you say - should never need to be cached anyway.
 

wait wait WAT

I just cancelled the approved payments option from my PayPal account, that can't affect me, right?
 

Mr_Zombie

Member
And that's only if you don't switch to a new account by clicking any button.

That's not true. I was stuck on a few accounts for several minutes (going through various pages and going back to the account details) and before someone at Valve noticed something was wrong and blocked things like buying stuff and editing profiles, god knows what anyone could do. And we already have a few people in this thread who claimed that they were able to modify user's details (delete CC/PayPal) or see full account info (including full phone number).
 

trh

Nifty AND saffron-colored!
As a person who works on a large enterprise network, it's highly unlikely that they have a single button capable of shutting things down. A large-scale commercial venture like this would likely have multiple redundancies and failovers in place to prevent a single-site issue from taking down the entire thing.

If this truly is a software issue somewhere, the engineers would need the back-end systems to continue running in order to troubleshoot and correct the issue, so the answer would likely be to shut down routes in the front-end DMZ routers and/or firewalls to prevent access from the outside. And then hopefully they have some way to VPN in outside of these front-end network components, or a bunch of software guys are going to have to head on-site to fix this.

There's a clip from NCIS where two people tag-team a keyboard to stop a hacker, and the silver haired chief dude just pulls the plug instead. Valve should take a cue from the foxxy daddy and pull the plug. NCIS knows what they're doing.
 

Rival

Gold Member
It wouldn't be the holidays without a massive hack of a major gaming platform. Glad I'm just chilling watching basketball.
 
Regardless of it being Christmas day, this is a billion (or close?) dollar company. They absolutely have people working on Christmas day getting overtime. The response time was pretty bad.
 
I assume if anybody buys anything with your wallet/stored info those will be added to your library and could be refunded but I'm not sure about gifts. Can gifts be refunded?
 
Some people say it's a caching issue, but what's the point in caching the transaction list from a server point of view? Every user has got its unique page and I doubt it is a page with heavy traffic.

Does that mean that if I haven't visited that page in a while my account details will be safe?

There are some things you would routinely cache. For example, the featured section. That's not going to change per user. Even the recommended content can be tailored and cached at the same time if you bucket everyone with similar enough tastes. However, you would typically not cache transaction history, account details, etc.
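
The header-driven caching decision discussed in the replies above (a page sets a header saying whether it is safe to cache; shared content like a featured section is cached, account pages are not), as an added example that is not part of any poster's message and is not Valve's code. The paths, user names, header values and the simplified directive handling are constructed assumptions.

```python
# Added illustration: a toy shared (proxy) cache that keys stored pages by
# URL path only, in front of an origin that renders per-user account pages.
# Simplified on purpose: only no-store/private block storage, and
# public/max-age/s-maxage allow it. Not a full HTTP caching implementation.

def is_shared_cacheable(headers):
    """Return True if a shared cache may store a response with these headers."""
    value = headers.get("Cache-Control", "").lower()
    directives = {d.strip().split("=")[0] for d in value.split(",") if d.strip()}
    if directives & {"no-store", "private"}:
        return False                      # per-user content: never store
    return bool(directives & {"public", "max-age", "s-maxage"})


class SharedCache:
    def __init__(self, origin):
        self.origin = origin
        self.store = {}

    def get(self, path, user):
        if path in self.store:            # cache key ignores who is asking
            return self.store[path]
        headers, body = self.origin(path, user)
        if is_shared_cacheable(headers):
            self.store[path] = body
        return body


def make_origin(account_header):
    """Constructed origin: /account is per-user, everything else is shared."""
    def origin(path, user):
        if path == "/account":
            return {"Cache-Control": account_header}, f"account details for {user}"
        return {"Cache-Control": "public, max-age=300"}, "featured games"
    return origin


def demo(account_header):
    """Two different users request /account through the same shared cache."""
    cache = SharedCache(make_origin(account_header))
    return cache.get("/account", "alice"), cache.get("/account", "bob")


if __name__ == "__main__":
    print("misconfigured:", demo("public, max-age=60"))
    print("corrected:    ", demo("private, no-store"))
```

With the account page wrongly marked cacheable, the second user receives the first user's page; with `private, no-store` each user gets their own.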
 

Blanquito

Member
"This is not a security breach"

Uh, yes, yes it is. Seeing other people's information is a security breach, whether or not you can change it.

Crazy stuff. Wonder what's actually going on.
 

ChryZ

Member
Anyone who used Steam in the last few hours should assume: Steam login, account email and PayPal email leaked, all can be used for further hacks. I'm going to replace my email addresses soon.
 