Support NeoGAF

[cw_sasuke]

Just what the hell happened here... Shit.

 

[Cleve]

which is more insulting, this type of mistake happening, or the complete silence from Valve?

Valve really need to get their customer service together. Their support is absolutely terrible.

 

[Hektor]

Didn't happen with PSN.

http://www.reuters.com/article/us-sony-stoldendata-idUSTRE73P6WB20110427

Stop this bullshit please.

That some people really go full MY ONLINE NETWORK IS BETTER THAN YOURS in situations like this is embarassing.

 

[konjak]

This is bad, but it's not nearly as bad as people think in here. I mean, the error made you unable to make purchases or even anything that makes Steam save settings (at least here). Not trying to downplay too much, just I don't think people need to panic TOO hard.

To be fair, I don't know the implications of "don't do anything on the store for now", but I don't think Valve does either so they're playing every thing they can safe.

 

[Rebel Leader]

I would recommend putting a hold on it at the bank level until we learn everything about what this is.

how? Call?

 

[Clawww]

Both

either

 

[DeaviL]

Well, if you weren't logged on or browsing steam there's nothing to fear.
This wasn't any sort of hack.

Spoiler

So, who's going to try and refute this statement?

Call me a corp. apologist as much as you want.
At least i ain't gasoline to the fire.

 

[Conkerkid11]

This thread is exploding. If signing into your account makes it more vulnerable, bringing this much attention to the situation as it happens may be a bad idea.

 

[MayMay]

which is more insulting, this type of mistake happening, or the complete silence from Valve?

You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

Its only been happening for an hour.

 

[chrominance]

So if I understand correctly, the reason not to visit any Steam account pages is to ensure your page doesn't show up (as normally intended), which would then be stored in the server cache and thus could be delivered to other people?

Do we even know how long those pages are normally cached for? If they were really caching account details pages (WHY WOULD YOU DO THIS), I could see them being cached for hours or even days given how rarely some of that information is likely to change.

 

[Doctor_Thomas]

What? How do you know how "bad" this is already?

PSN had millions of accounts compromised and complete address details stolen. There's no evidence to show this is worse yet.

This allowed every single Steam user to view other people's details and who knows what else. This is much worse because it was through Valve's own systems and I could use Valve's own client to view the information. This is much worse.

 

[terrible]

Well this is pretty much as bad as it gets. Unreal.

 

[Obliterator]

Dude people's emails were IN THE OPEN. Plenty of people have major info stored there and there are people who can brute force their way into email accounts

Regardless of what happens this is a colossal fuck up

 

[TheSpoiler]

Not defending Valve in any way but the PSN hack was way worse than this. Attackers with malicious intent got actual database dumps in that attack.

There isn't even an attacker here, its just a leak.

Those database dumps aren't public to normal people. You could literally go into anything Steam related and get a new person's account. So you are under the whims of literally anyone who could touch the steam stuff.

I'm not sure what's worse, but it's clearly on the same level.

 

[Dr. Malik]

Steam is far far larger than 75 million accounts. It has at least 125 million active accounts alone and only Valve knows how many not active.

Oh wow this is way worse has CNN already on this?

 

[kulapik]

Hopefully this will change Valve's shitty support and community management. Their twitter account is just a fucking bot, for the love of God.

 

[Tinfoilhatsron]

Are people from valve astroturfing this thread or are people really this servile to corporations?

You'd be suprised. Ever hear of Disney?

 

[Mozendo]

So glad I don't have a CC and that my bank isn't linked to my paypal

 

[RPGamer92]

How do you check your payment info on steam? I don't think I have CC stuff saved but I want to check just to make sure.

 

[Lingitiz]

This is embarrassing. Knowing Valve this is going to take a while to fix.

 

[iNvid02]

Jason didn't know that, he was just trying to help.

Of course after that steam database tweet everyone can come out and point fingers at kotaku...

joking aside its unfortunate that the instinctive common sense response to this could put you at more risk, its nobodys fault, but should serve as a reminder in the future to be sure about what you're advocating (especially when everything is up in the air and you have some influence)

 

[Envelope]

Are people from valve astroturfing this thread or are people really this servile to corporations?

welcome to Neogaf

 

[GregLombardi]

how? Call?

Yes. Most banks can put a voluntary hold...though it will be on all purchases, so I would use another credit card or something in the mean time if possible.

 

[Kazerei]

Yikes. After being a victim of CC fraud I stopped saving my CC info anywhere. I'd just type in my CC numbers in manually with every online purchase. After about a dozen times it stuck in my memory. No matter how much you trust a company's online security, shit happens. Hope nothing bad comes of this :\

 

[AlteredForms]

Emails will be sent out whenever an attempt to access your account has been made. I believe this is enabled via the mobile authentication system they have going on. I recently got an email on my phone and was relieved to hear it was from Humble Bundle.

 

[Hektor]

You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

Its only been happening for an hour.

So what?

 

[Fracas]

Did you visit your account page recently? If so, some random person has probably seen your PayPal info. If you haven't visited the page, it can't be cached in the first place

I think I have.

I'll unlink soon as Steam comes back up and hope for the best, I guess.

 

[CambriaRising]

Are people from valve astroturfing this thread or are people really this servile to corporations?

Unfortunately the latter. Especially with Valve.

 

[fantomena]

Stop arguing which hack was the worse.

This is unacceptable. Being able to read other peoples information is unacceptable and a breach in privacy.

Valve is so fucked in EU.

 

[FuturusX]

With details of the breach being thin and very changeable, my advice is to NOT interact with steam at all to remove or change you financial information, better to work with paypal or your CC / Bank directly to lock down your accounts.

Good luck.

 

[Kwansu Dudes]

Um, Sony issued free ID/CC monitoring after the 2011 hack so I'm pretty sure shit was stolen.

 

[Podge293]

Having such amount of money in your wallet... and this is not the biggest number

Probably Christmas gift cards to be fair


Also can't link steamdb's next tweet but they did clarify don't unlink PayPal through steam rather through paypals own site

 

[RobNBanks]

What is sad is the Steam silence.
It's Steam DB who is giving us some advices to avoid more damage.
Steam Twitter is silent...

Apart from the Steam Database tweets, is there any official comment by Valve?

This. Has Valve said anything??

Valve is normally piss poor in terms of communication.

They fucked up real bad in CS and had to apologize twice in the same week basically and said they would communicate more. While this situation sucks, hopefully it's what gets Valve to communicate more in general and step up all around.

 

[Dryk]

They finally shut it down!

FUCKING CHRIST VALVE, MY EMAIL IS NOW IN THE WILD AND ANY FUCK CAN SEE IT AND POTENTIALLY COMPRISE ME.

I wonder if they'll be able to tell which accounts were compromised once they get everything fixed

 

[Deleted member 80556]

Wait weren't all the CC #'s from PSN hack not encrypted? Here, I could only see the last 4. Plus I'm assuming if you had steamguard you should be ok?

They were salted (or something like that), not in plain text.

 

[KenzinFive]

I've changed my PayPal password, I don't know if that will be enough. I don't want to try accessing my Steam account now with all the info going around. God, this is so confusing. At least with the Xmas PSN and XBL outages, we knew what was wrong and has to just ride it out. Here, we could change our info...or wait, we shouldn't, because that puts us at more risk. We need official word from Valve but I'm sure it's all hands on deck over there trying to fix this.

 

[Frag Waffles]

Valve with the strong, late game entry. It's a bold move, we'll see if it pays off.

Dying over here. LMAO

 

[Kalor]

I'm really curious to find out the extent of this. I went away for a hour and a half and came back to this going on.

 

[AJ_Wings]

Aaaaannd total fucking silence from Valve. Fucking typical...

 

[2Crisis]

joking aside its unfortunate that the instinctive common sense response to this could put you at more risk, its nobodys fault, but should serve as a reminder in the future to be sure about what you're advocating (especially when everything is up in the air and you have some influence)

Until Valve comes out and gives a response (if ever), SteamDB could be full of shit as well

 

[Sword Of Doom]

Seriously does everything have to be a competition?

Who gives a fuck which was worse?

 

[throwawayname]

I'm coming for you Valve.

 

[Pachimari]

Just read this. What do I need to do?

I logged out of the iOS app. And is getting this when I try enter Steam in my browser with Enhanced Steam:

An error occurred while processing your request.
Reference #97.ca0af748.1451079421.3d8d5bff

 

[dmr87]

Took way too long to pull the plug, a company this size gotta have at least a few nerds ready to act even on christmas.

 

[Servbot #42]

So i had my CC on steam and no authenticator, how fucked am i? What should even do right now? What can we do? Nothing? Worst part is that i have been using a family member card. This blows

 

[Prosopon]

This is the fuck-up that will force Valve to change the many different negative elements of their company that have been tolerated so far.

Yes!

 

[Sniffynose]

Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.


Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

I could see the person's full name and address, his email, and last four digits of his phone number and credit card...

I'm worried!

 

[BlackJace]

I'm no systems engineer, but I'm not sure killing the servers is equivalent to pulling some plugs, flipping switches, or clicking a few buttons.

Hopefully no one's info gets jacked.

 

[HeroInGreen]

At least we are not missing any dailies.

 

[Envelope]

You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

Its only been happening for an hour.

if you run a 24/7 service and don't have people working on it 24/7 you have failed as a company