• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Steam security issue revealed personal info to other users on XMas Day (fixed)

beta_fuse

Member
I received multiple emails of someone trying to access my account but needed my steam guard code via email. I ended up changing my steam password but should I be worried about anything else?
 

Joni

Member
I agree this is a big deal, however, from a security perspective having one group able to query the details of millions of accounts offline is much worse than millions of people with access to a few accounts on hosting you control.
It depends on the type of details, with no indication that there was financial information lost through the PSN hack. It was mainly interesting to sell that information for targetted ads. And of course, it depends on what caused this, just technical issues or something more serious on the backend.
 

Savitar

Member
So, while we're all worried about our data being seen by random other people, how do you all think Valve will try to make up for this?

Gabe will give a long written reply.

People will say that he was humble and took his lumps and they still trust Valve.

That's about it.
 

JaseC

gave away the keys to the kingdom.
I hope there's eventually a silver lining and this stuff-up leads to Valve allowing a one-off account name change. I entered mine out of frustration as everything else I wanted at the time was taken; I didn't expect it, of all things, to be free. Then there's the fact that, initially, your account name would be the e-mail address you supplied during registration, so many people have account names that aren't actually names (I lost access to my original account :sadcloud:).
 

x3sphere

Member
Well it seems not only user pages were being cached but admin ones as well, as I noticed an admin dropdown with a bunch of options when I went on Steam earlier today. Didn't click any of them, but having said that who knows what else was accessed through this. Probably going to take Valve some time to assess all the damage.
 

Stumpokapow

listen to the mad man
As one of the accounts affected by this (shout-outs to the nice random people on Steam contacting me to chat because they were in my account and looking at my stuff--all seemed like standup, trustworthy guys), the basic information I want to know:

1) Was this a breach, a staff error, or a configuration error that happened due to some unusual hardware cascade situation?
2) How many users were affected?
3) How many people accessed my information?
4) What information did they access?
5) If my address or cc info was even partially exposed, I expect a year or two of credit monitoring
6) If a breach, was my tax information accessed
7) Will I be permitted to change my login username in light of this?

It goes without saying that if purchasing was exposed they should do a full rollback, but I'm not worried about that because that's obvious. More worried about the personal info.
 

Jobbs

Banned
I almost never play PC games, but sat down today thinking I'd maybe play some Grim Dawn... Only to see four different messages waiting for me to stay off Steam.
 

daxgame

Member
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

image.php
 

BinaryPork2737

Unconfirmed Member
This is the fuck-up that will force Valve to change the many different negative elements of their company that have been tolerated so far.

I hope so, but I have my doubts at this point in time. Valve needs to be more active on social media sites, at the very least.
 
N

NinjaFridge

Unconfirmed Member
You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

Its only been happening for an hour.

If they don't have anybody in the office on the day they start one of the biggest sales of the year then they are complete morons.
 

MayMay

Banned
Doesn't matter. They're generating huge income all day today. They need to have people on staff to manage issues. If they don't want to support the service they shouldn't have it open for sales.

Okay, good point.

They probably have a small service staff in the office monitoring it, but who says they have the power to "pull the plug" - so that means they had to contact whoever is responsible, make them come to the office etc etc etc.

Took them an hour, that's not really that long imo.

If they don't have anybody in the office on the day they start one of the biggest sales of the year then they are complete morons.

They started the sale a few days ago and everything has been running smoothly, but yeah. They probably have a bit of support there.
 
This is a huge fuck up.

I wonder if this has been going on for a little while. My bank declined an attempted purchase on Wednesday and I received a call from the bank saying the charge was coming from the UK, but it was the exact amount that I was trying to purchase. The bank said it seemed normal for an authorization so I ignored it.

Right now my account seems fine other than a double charge for a Steam gift I bought earlier today which was probably a result of the servers getting hammered and all this shit that is going on right now. Going to request new cards regardless once this is all over.
 
we know what information was compromised because we could all see that information

Well, just in this thread alone I've seen 20 different variations of "I could only see the last 4 digits. I could see the entire phone number. I could buy games. I couldn't buy games. I could see what they ate for dinner last night. Etc..."

We know the basics, but not the full details. Only time will tell that.
 
Valve is normally piss poor in terms of communication.

They fucked up real bad in CS and had to apologize twice in the same week basically and said they would communicate more. While this situation sucks, hopefully it's what gets Valve to communicate more in general and step up all around.
I love steam. I love valve.

They have one of the worst customer support systems I've ever seen. For a company to be so widely loved and have that kind of atrocious support is really strange to me. I think it is because there isn't really any competition in digital game delivery space. (Uplay and Origin are not)
 
Well I've got Steam Guard, so I should be fine right?

Either way, Steam is probably going to lose my business for a while over this. I'm more than happy to buy from elsewhere.
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
As one of the accounts affected by this (shout-outs to the nice random people on Steam contacting me to chat because they were in my account and looking at my stuff--all seemed like standup, trustworthy guys), the basic information I want to know:


5) If my address or cc info was even partially exposed, I expect a year or two of credit monitoring Yes it was view able
It goes without saying that if purchasing was exposed they should do a full rollback, but I'm not worried about that because that's obvious. More worried about the personal info.
That's all I know
 

Hektor

Member
You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.

As a general user in the public I couldn't get access to dozens of people's personal info that can be used for social enginerring.

CC companies always take the brunt of this stuff and the users don't suffer too much. It's when our personal details are released that we get really fucked in the long run.

So, YOU quit your bullshit, please and fucking thank you.



Thank you. Jesus.

Please both learn to read, as that is not what youjacobeid originally wrote. Thank you.
 

Mr_Zombie

Member
You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

Its only been happening for an hour.

For an IT company that big that also provides a service that works (or should work) 24/7? Huge chances. There's always a person who is on the call - either at the office or at home with remote access.
 
Top Bottom