
Steam security issue revealed personal info to other users on XMas Day (fixed)

Nzyme32

Member
May 23, 2013
So yeah this is mostly what you'd call a data leak, not particularly a security breach per se but that would depend on what caused the leak. If it was a misconfiguration for the cache it'll simply be that and a data leak. However if there was some nefarious access on Valve's systems to result in this it would be a security breach with Valve that affected users with a data leak. At most I think you can see the information and remove paypal/cc/phone number from the account but not much else than that.

What was the response time to take it offline? 2hrs? Completely unacceptable. We'll have to know more if it's really a security breach or not.
Oh is it fixed now?

Very curious what an Xmas day response time looks like for security and data issues for various companies
 
Dec 11, 2012
Are people from valve astroturfing this thread or are people really this servile to corporations?
hahahahaha

People have "invested" lots of lots of money into a small group of corporations. When they get completely burned after spending years defending their use of money they will either

1) be really, really fucking pissed
2) go into complete denial and make sure everyone knows they are right
 

Blanquito

Member
Jul 19, 2013
That's not what that means. They're saying that it wasn't deliberately done.
Breach: 1. An act of breaking or failing to observe a law, agreement, or code of conduct.
2. a gap in a wall, barrier, or defense, especially one made by an attacking army.

If they had said "this doesn't appear to be a hack" then I wouldn't have a problem. But that's not what they said. This is a security breach, and as such it will be treated by security agencies in a similar way. PCI compliance, law agencies, etc.
 

Big-ass Ramp

hella bullets that's true
Dec 27, 2009
What was the response time to take it offline? 2hrs? Completely unacceptable. We'll have to know more if it's really a security breach or not.
Completely agree. This will be unpopular, but this is the downside of being a company with an employees-come-first attitude. I imagine everyone has a nice long Christmas break, and so they were caught flat-footed by this.
 

NotLiquid

Member
Aug 30, 2012
Unlinked my Paypal through the Paypal site since they gave the OK for that. I really hope this shit gets resolved soon.
 

tjohn86

Member
Feb 17, 2009
Those database dumps aren't public to normal people. You could literally go into anything Steam related and get a new person's account. So you are under the whims of literally anyone who could touch the steam stuff.

I'm not sure what's worse, but it's clearly on the same level.
I agree this is a big deal, however, from a security perspective having one group able to query the details of millions of accounts offline is much worse than millions of people with access to a few accounts on hosting you control.
 

benny_a

extra source of jiggaflops
Apr 25, 2009
Stop arguing which hack was the worse.
Yeah. This is a thread about a current event.

I'm sure we'll have a thread about the response time and if Valve is getting a third party to investigate this (so it can be appropriately ascertained by a neutral party how much at fault Valve is) or if they just go it all on their own.
 

Hale-XF11

Member
Jul 14, 2011
I wonder how long it will be until we know the full extent of the damage done. At the very least, hackers had access to emails, addresses and who knows what else. I'm mainly concerned about social engineering at this point, but who knows how much was leaked.
 

Head.spawn

Junior Member
Sep 3, 2013
Valve is normally piss poor in terms of communication.

They fucked up real bad in CS and had to apologize twice in the same week basically and said they would communicate more. While this situation sucks, hopefully it's what gets Valve to communicate more in general and step up all around.
I look forward to Gaben's annual, "I know we need to do better and we aren't doing a good job..." routine.
 

QuiteWhittle

Member
Dec 13, 2009
Did you visit your account page recently? If so, some random person has probably seen your PayPal info. If you haven't visited the page, it can't be cached in the first place
I signed in a few minutes ago, but only got an error message when I visited my account page. Hope I'm fine.

Kinda wish I hadn't logged onto GAF at all today or I probably wouldn't have anything as an impulse.
 

jacobeid

Banned
Oct 3, 2012
http://www.reuters.com/article/us-sony-stoldendata-idUSTRE73P6WB20110427

Stop this bullshit please.

That some people really go full MY ONLINE NETWORK IS BETTER THAN YOURS in situations like this is embarrassing.
As a general user in the public I couldn't get access to dozens of people's personal info that can be used for social engineering.

CC companies always take the brunt of this stuff and the users don't suffer too much. It's when our personal details are released that we get really fucked in the long run.

So, YOU quit your bullshit, please and fucking thank you.

You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.
Thank you. Jesus.
 

Darryl M R

Member
Jun 19, 2013
Took way too long to pull the plug, a company this size gotta have at least a few nerds ready to act even on christmas.
Agreed they should have acted much faster.

Also, completely unrelated, your username is the same ID my university gave me when I entered.
 

Grief.exe

Member
Jul 11, 2012
Just read this. What do I need to do?

I logged out of the iOS app. And am getting this when I try to enter Steam in my browser with Enhanced Steam:

An error occurred while processing your request.
Reference #97.ca0af748.1451079421.3d8d5bff
Everything is down right now, waiting for more information.

Took way too long to pull the plug, a company this size gotta have at least a few nerds ready to act even on christmas.
Might not be that simple.
 

Sword Of Doom

Member
Aug 18, 2013
You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

It's only been happening for an hour.
They only have one of the biggest sales of the year running. You don't think there are people working on Christmas?
 

XiaNaphryz

LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
Nov 5, 2005
Some people say it's a caching issue, but what's the point in caching the transaction list from a server point of view? Every user has got its unique page and I doubt it is a page with heavy traffic.

Does that mean that if I haven't visited that page in a while my account details will be safe?
If it's a misconfiguration error, pages that shouldn't get put on the cache could end up there anyway.
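
The caching hypothesis discussed in the posts above, as an added example that is not part of the thread and not Valve's code: a toy shared cache keyed on the URL only, run once ignoring the origin's `Cache-Control` header and once honoring it. The origin function, session tokens and account data are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: two sessions and the account details behind them.
ACCOUNTS = {"sess-alice": "alice@example.test", "sess-bob": "bob@example.test"}

def origin(path, cookie):
    """Hypothetical origin: renders a per-user page and marks it uncacheable."""
    body = f"Account details for {ACCOUNTS[cookie]}"
    headers = {"Cache-Control": "private, no-store"}
    return headers, body

@dataclass
class SharedCache:
    """Toy edge cache keyed on the URL path only; the session cookie is not part of the key."""
    honor_cache_control: bool
    store: dict = field(default_factory=dict)

    def _storable(self, headers):
        if not self.honor_cache_control:
            return True  # the misconfiguration: store every response
        raw = headers.get("Cache-Control", "")
        directives = {d.strip().lower() for d in raw.split(",")}
        # A shared cache must not store responses marked private or no-store.
        return not directives & {"private", "no-store"}

    def get(self, path, cookie):
        if path in self.store:
            return self.store[path]  # HIT: served without consulting the cookie
        headers, body = origin(path, cookie)
        if self._storable(headers):
            self.store[path] = body
        return body

def second_visitor_sees(cache):
    """Alice loads her account page, then Bob requests the same URL."""
    cache.get("/account", "sess-alice")
    return cache.get("/account", "sess-bob")

if __name__ == "__main__":
    print("misconfigured:", second_visitor_sees(SharedCache(honor_cache_control=False)))
    print("correct:      ", second_visitor_sees(SharedCache(honor_cache_control=True)))
```

In the misconfigured run the second visitor receives the first visitor's page, which also matches the point quoted earlier in the thread that a page has to be visited before it can end up in the cache.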
 

fhqwhgads

Member
Nov 15, 2014
Suddenly Valve's extremely tight security hurdles don't seem so unnecessary.
I take back anything I said about them in the past.
 

Tugatrix

Member
Jul 10, 2012
This is damn creepy. I saw credits available in others' account, then proceeded to close Steam. Glad I didn't leave my real CC on the account
 

BHK3

Banned
Dec 18, 2011
http://www.reuters.com/article/us-sony-stoldendata-idUSTRE73P6WB20110427

Stop this bullshit please.

That some people really go full MY ONLINE NETWORK IS BETTER THAN YOURS in situations like this is embarrassing.
You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.
 

benicillin

Banned
Mar 31, 2012
Man what a crazy bug to show up out of nowhere.

Not sure what anyone expects as far as official comment from Valve is concerned - what is Valve gonna tell you at this point, there's a problem and they're looking into it? I doubt they have any more information than we do right now.
 

iNvid02

Member
Aug 16, 2009
did anyone find hl3 though? what if this is an elaborate distraction while some rogues infiltrate Valve's network
 

Steel

Banned
Jun 20, 2013
So, while we're all worried about our data being seen by random other people, how do you all think Valve will try to make up for this?

is... is that from the movie? ...


did i just get something from the movie spoiled?... day before I see it too. lol

:\
That's such a random gif that I'd hesitate calling it a spoiler. Hell, the commercials are more spoiler heavy.
 

Goldfishking

Member
Oct 14, 2014
Man this is screwed up. As soon as this is sorted I'm deleting my info off steam and will probably never buy anything off there for a while.
 

Alucrid

Banned
May 30, 2009
I'll just wait for the mass hysteria of all the arm-chair network admins and security professionals to die down.

Then, we'll figure out what data got compromised, what we need to do to resolve it and then move on with life.
we know what information was compromised because we could all see that information
 

emag

Member
Apr 26, 2012
This is the fuck-up that will force Valve to change the many different negative elements of their company that have been tolerated so far.
Eh. PC gamers will quickly forgive and forget. The holy saviors Valve and CDPR can do no wrong.
 

Cleve

Member
May 2, 2014
You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

It's only been happening for an hour.
Doesn't matter. They're generating huge income all day today. They need to have people on staff to manage issues. If they don't want to support the service they shouldn't have it open for sales.
 

Delusibeta

Banned
Feb 18, 2012
Is there any reason to expect this to be less fucked than the PSN situation those few years back? This seems way worse given how just about anyone can see this shit.
Depends on how long the downtime is. The PSN hack was so memorable because of the extended downtime. I expect this will be forgotten about before the end of January tbh. Certainly, the time to downtime was extremely quick, considering the size of the system, how much redundancy and backups were built in, and the small fact that today's Christmas Day. That's something that's usually measured in days.

With that said, the sheer ease of this exploit is extremely unusual.
 

Grief.exe

Member
Jul 11, 2012
You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.
Hackers had access to account names and information of millions of users during that breach.

The information we have now, they had access to only a small percentage as the same names continued to come up over and over. We will have to wait for more information.