Support NeoGAF

[Sn4ke_911]

thanks kotaku

Jason didn't know that, he was just trying to help.

Of course after that steam database tweet everyone can come out and point fingers at kotaku...

 

[Enter the Dragon Punch]

year of dreams turns into year of nightmares

 

[megalowho]

It's crazy how such an unprofessional operating company is the leading one for digital distribution of games.

I'm appalled some completely unaffiliated Twitter account is the only thing people can quote for information on what to do.

 

[fantomena]

False, no one was able to purchase anything.

How do you know?

 

[Darryl M R]

I hope it is just an issue with the cached information since less people will be affected. Hoping for the best. Did someone stumble upon this? Has this been an issue for awhile?

 

[Revolutionary]

Why is an unofficial Twitter account running a third party site the one doing the support for this issue?

This. Has Valve said anything??

 

[jacobeid]

What? How do you know how "bad" this is already?

PSN had millions of accounts compromised and complete credit card details stolen. There's no evidence to show this is worse yet.

Originally Posted by chrominance

From what I can tell, here's the information that could be compromised:

last 2 digits of your credit card
Paypal email address
amount in your Steam wallet
last four digits of your phone number
account email address
+ your country of residence.

Social engineering opportunities galore with this information.

Didn't happen with PSN.

 

[blankempathy]

Do people really do Christmas dinner that early? I know some people do Thanksgiving lunch instead of dinner, which is insanity.

Especially in Seattle, no way they did Christmas dinner at 1pm.

I just ate and I'm on the west coast.

 

[Fracas]

so I have my paypal linked to steam

hmm

 

[dity]

Console war or not, PSN wasn't even 1/10th as bad as this.

I remember the PSN event being more scary because it was people with malicious intent trying to gain access to my details and then spread it online.

 

[Xamtheking]

year of dreams turns into year of nightmares

Nightmares are a subset of dreams

 

[TyrantGuardian]

So, it seems you are safe if you didn't actually do the login process during this error, I guess? I was online the whole time since earlier today and have had no email activity.

 

[Mpl90]

Thank God it seems nothing loads now (just tried to see the account page on web). Too slow to react, but better sort things out now. Damn it, what a mess.

 

[Nzyme32]

Jason didn't know that, he was just trying to help.

Of course after that steam database tweet everyone can come out and point fingers at kotaku...

Very true.

 

[Head.spawn]

thanks kotaku

Slowtaku handing out bad info.

 

[Steel]

Is there any reason to expect this to be less fucked than the PSN situtiation those few years back? This seems way worse given how just about anyone can see this shit.

Well, I doubt it'll be down anywhere near as long, at least. It could be worse on the social engineering side of things, however.

 

[Deleted member 80556]

Jason didn't know that, he was just trying to help.

Of course after that steam database tweet everyone can come out and point fingers at kotaku...

Jason might not have posted that either.

 

[BHK3]

You forgot the security breach form 2011?

Let me repeat myself "PSN nothing was stolen, just no online for a month, chill out.". Same thing here, chill out. Some dudes got in and everyone blew the whole thing out of proportion, this is much worse because people's emails are somewhat publicized.

 

[Theorry]

Where do you unlink steam on the paypal site?

 

[tjohn86]

Not defending Valve in any way but the PSN hack was way worse than this. Attackers with malicious intent got actual database dumps in that attack.

There isn't even an attacker here, its just a leak.

 

[direct_quote]

And this is why I buy steam cards, after the psn fiasco. Sucks for the people that had their accounts compromised though. Valve should have shut this down immediately.

 

[Sojiro]

This is why I don't store my credit card info in any service. Not PSN, not Live, not Steam. Even stupid things like "my baby brother just purchased a lot of games on PSN by mashing X, I'm pissed!" I've seen.

I'm sure that info can still be hacked otherwise, but it doesn't hurt to be a little cautious about stuff like this.

And if it's displaying the info because you purchased something on the site, then it's time to just wait it out, I guess...

Yep same here. The few seconds it takes to put in my payment info is more than worth it when something like this happens. Whether it's Blizzard, Steam, or eShop, I have no problem manually entering info every purchase.

 

[CambriaRising]

False, no one had the ability to purchase items during the duration of the hack.

But they can still add funds. My friend just got charged $20 by Valve, had SteamGuard enabled.

 

[Rebel Leader]

Nothing on my email

 

[Mimosa97]

It didn't, they were shut down very early on. What we saw was the front end, that was only just now shut down, the back end was shut down a while ago cause they added error code pages. So far I still haven't seen evidence of money getting jacked or games being bought with credible evidence.

You couldn't buy games so that's not an issue. The issue is there are people who now know my e-mail adress + a bunch of personnal infos ... That's the scariest shit.

 

[Soyongdori]

 

[Big-ass Ramp]

which is more insulting, this type of mistake happening, or the complete silence from Valve?

 

[prwxv3]

Stop arguing what attack is worse.

 

[TheTux]

There are some things you would routinely cache. For example, the featured section. That's not going to change per user. Even the recommended content can be tailored and cached at the same time if you bucket everyone with similar enough tastes. However, you would typically not cache transaction history, account details, etc.

That's my point.

 

[Grisby]

Never log off GAF.

This taught me a life lesson.

 

[Striek]

And you'd be wrong. By the nature of the issue you put your own info at risk by visiting the page.

If I've already been on steam today (and I have, as have millions of others) then its already at risk.

 

[fluffydelusions]

Console war or not, PSN wasn't even 1/10th as bad as this.

Wait weren't all the CC #'s from PSN hack not encrypted? Here, I could only see the last 4. Plus I'm assuming if you had steamguard you should be ok?

 

[Corine]

Steam is around 75 million accounts, so it's at least (roughly) the same size base.

Steam is far far larger than 75 million accounts. It has at least 125 million active accounts alone and only Valve knows how many not active.

 

[The Last One]

Well, I'll definitely remove my CC info when Steam comes back online. What a fucking mess.

 

[Feichaw]

This. Has Valve said anything??

I think a valve is more communicative than Valve.

 

[Ikuu]

Jason didn't know that, he was just trying to help.

Of course after that steam database tweet everyone can come out and point fingers at kotaku...

Maybe don't tweet about something if you don't know about it.

 

[Dibbs]

http://www.valvetime.net/threads/steam-client-bug-displays-random-user-details.246629/

 

[hobblygobbly]

So yeah this is mostly what you'd called a data leak, not particularly a security breach per-se but that would depend on what caused the leak. If it was a misconfiguration for the cache it'll simply be that and a data leak. However if there was some nefarious access on Valve's systems to result in this it would be a security breach with Valve that affected users with a data leak. At most I think you can see the information and remove paypal/cc/phone number from the account but you not much else than that.

What was the response time to take it offline? 2hrs? Completely unacceptable. We'll have to know more if it's really a security breach or not.

 

[Parallacs]

My Christmas wish is for everyone to never again save their credit card info on steam, me included.

What a bunch of idiots.

 

[iceatcs]

Wow. Jump to unlick PayPal immediately.
Never been that scary in my life from Internet.


Will never to back link PayPal. I will stick to the traditional way in old step with PayPal.

 

[Metrotab]

This is the fuck-up that will force Valve to change the many different negative elements of their company that have been tolerated so far.

 

[Palculator]

Where do you unlink steam on the paypal site?

Account settings which you reach by clicking the little gear in the top right.

 

[gnexus]

This has been an Aperture Science test. If you were found to have been poking around someone else's account trying to compromise and take their stuff, you have been placed on the naughty list and revoke all Half Life 3 and Portal 3 privileges.

Thank you for being a part of this Aperture Science test.

 

[Relaxed Muscle]

which is more insulting, this type of mistake happening, or the complete silence from Valve?

Both

 

[Wagram]

Luckily I never linked Paypal and my credit card details are outdated. This is a very big problem though, and I see lawsuits on the horizon.

 

[AcademicSaucer]

Are people from valve astroturfing this thread or are people really this servile to corporations?

 

[GregLombardi]

Well, I'll definitely remove my CC info when Steam comes back online. What a fucking mess.

I would recommend putting a hold on it at the bank level until we learn everything about what this is.

 

[Nzyme32]

so I have my paypal linked to steam

hmm

Did you visit your account page recently? If so, some random person has probably seen your PayPal info. If you haven't visited the page, it can't be cached in the first place

 

[nintendoman58]

ARE YOU SERIOUS?!?

UGH. My account showed up for like, a second, and that's where I unlinked it!

I unlinked it via the PayPal site as well but...ugh.

 

[OtisInf]

Why did it take them + 45 minutes to shut down the servers ?
Wtf Valve WTF ???

Perhaps because they have hundreds of them, and it's not as simple as with your own PC where you just flip a switch?