
Steam security issue revealed personal info to other users on XMas Day (fixed)

Nzyme32

Member
So yeah this is mostly what you'd call a data leak, not particularly a security breach per se, but that would depend on what caused the leak. If it was a misconfiguration for the cache it'll simply be that and a data leak. However if there was some nefarious access on Valve's systems to result in this it would be a security breach with Valve that affected users with a data leak. At most I think you can see the information and remove PayPal/CC/phone number from the account but not much else than that.

What was the response time to take it offline? 2hrs? Completely unacceptable. We'll have to know more if it's really a security breach or not.

Oh is it fixed now?

Very curious what an Xmas day response time looks like for security and data issues for various companies
 
Are people from valve astroturfing this thread or are people really this servile to corporations?

hahahahaha

People have "invested" lots and lots of money into a small group of corporations. When they get completely burned after spending years defending their use of money they will either

1) be really, really fucking pissed
2) go into complete denial and make sure everyone knows they are right
 

Blanquito

Member
That's not what that means. They're saying that it wasn't deliberately done.

Breach: 1. An act of breaking or failing to observe a law, agreement, or code of conduct.
2. a gap in a wall, barrier, or defense, especially one made by an attacking army.

If they had said "this doesn't appear to be a hack" then I wouldn't have a problem. But that's not what they said. This is a security breach, and as such it will be treated by security agencies in a similar way. PCI compliance, law agencies, etc.
 

Vilam

Maxis Redwood
Thank god I can't even remember the last time I logged into Steam. So pleased that none of the deals from the last few days looked tempting. Hoping that leaves my account safe.
 

Big-ass Ramp

hella bullets that's true
What was the response time to take it offline? 2hrs? Completely unacceptable. We'll have to know more if it's really a security breach or not.

Completely agree. This will be unpopular, but this is the downside of being a company with an employees-come-first attitude. I imagine everyone has a nice long Christmas break, and so they were caught flat-footed by this.
 

tjohn86

Member
Those database dumps aren't public to normal people. You could literally go into anything Steam related and get a new person's account. So you are under the whims of literally anyone who could touch the steam stuff.

I'm not sure what's worse, but it's clearly on the same level.

I agree this is a big deal, however, from a security perspective having one group able to query the details of millions of accounts offline is much worse than millions of people with access to a few accounts on hosting you control.
 

Panda Rin

Member
Has any hacking group claimed responsibility yet?

It cannot be just a coincidence that this breach fell on the biggest day of the year.
 

benny_a

extra source of jiggaflops
Stop arguing which hack was the worse.
Yeah. This is a thread about a current event.

I'm sure we'll have a thread about the response time and if Valve is getting a third party to investigate this (so it can be appropriately ascertained by a neutral party how much at fault Valve is) or if they just go it all on their own.
 

Hale-XF11

Member
I wonder how long it will be until we know the full extent of the damage done. At the very least, hackers had access to emails, addresses and who knows what else. I'm mainly concerned about social engineering at this point, but who knows how much was leaked.
 

Head.spawn

Junior Member
Valve is normally piss poor in terms of communication.

They fucked up real bad in CS and had to apologize twice in the same week basically and said they would communicate more. While this situation sucks, hopefully it's what gets Valve to communicate more in general and step up all around.

I look forward to Gaben's annual, "I know we need to do better and we aren't doing a good job..." routine.
 
Did you visit your account page recently? If so, some random person has probably seen your PayPal info. If you haven't visited the page, it can't be cached in the first place

I signed in a few minutes ago, but only got an error message when I visited my account page. Hope I'm fine.

Kinda wish I hadn't logged onto GAF at all today or I probably wouldn't have anything as an impulse.
 

jacobeid

Banned
http://www.reuters.com/article/us-sony-stoldendata-idUSTRE73P6WB20110427

Stop this bullshit please.

That some people really go full MY ONLINE NETWORK IS BETTER THAN YOURS in situations like this is embarrassing.

As a general user in the public I couldn't get access to dozens of people's personal info that can be used for social engineering.

CC companies always take the brunt of this stuff and the users don't suffer too much. It's when our personal details are released that we get really fucked in the long run.

So, YOU quit your bullshit, please and fucking thank you.

You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.

Thank you. Jesus.
 
Took way too long to pull the plug, a company this size gotta have at least a few nerds ready to act even on Christmas.

Agreed they should have acted much faster.

Also, completely unrelated, your username is the same ID my university gave me when I entered in.
 

Grief.exe

Member
Just read this. What do I need to do?

I logged out of the iOS app. And am getting this when I try to enter Steam in my browser with Enhanced Steam:

An error occurred while processing your request.
Reference #97.ca0af748.1451079421.3d8d5bff

Everything is down right now, waiting for more information.

Took way too long to pull the plug, a company this size gotta have at least a few nerds ready to act even on Christmas.

Might not be that simple.
 
You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

It's only been happening for an hour.

They only have one of the biggest sales of the year running. You don't think there are people working on Christmas?
 

XiaNaphryz

LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
Some people say it's a caching issue, but what's the point in caching the transaction list from a server point of view? Every user has got its unique page and I doubt it is a page with heavy traffic.

Does that mean that if I haven't visited that page in a while my account details will be safe?

If it's a misconfiguration error, pages that shouldn't get put on the cache could end up there anyway.
 

Tugatrix

Member
This is damn creepy. I saw credits available in others' accounts, then proceeded to close Steam. Glad I didn't leave my real CC on the account.
 

BHK3

Banned
http://www.reuters.com/article/us-sony-stoldendata-idUSTRE73P6WB20110427

Stop this bullshit please.

That some people really go full MY ONLINE NETWORK IS BETTER THAN YOURS in situations like this is embarrassing.

You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.
 
Man what a crazy bug to show up out of nowhere.

Not sure what anyone expects as far as official comment from Valve is concerned - what is Valve gonna tell you at this point, there's a problem and they're looking into it? I doubt they have any more information than we do right now.
 

Steel

Banned
So, while we're all worried about our data being seen by random other people, how do you all think Valve will try to make up for this?

is... is that from the movie? ...


did i just get something from the movie spoiled?... day before I see it too. lol

:\

That's such a random gif that I'd hesitate calling it a spoiler. Hell, the commercials are more spoiler heavy.
 

Alucrid

Banned
I'll just wait for the mass hysteria of all the arm-chair network admins and security professionals to die down.

Then, we'll figure out what data got compromised, what we need to do to resolve it and then move on with life.

we know what information was compromised because we could all see that information
 

Cleve

Member
You know what date it is? What are the chances there's someone in the office, or even what are the chances someone at Valve is aware of the issues?

It's only been happening for an hour.

Doesn't matter. They're generating huge income all day today. They need to have people on staff to manage issues. If they don't want to support the service they shouldn't have it open for sales.
 
Is there any reason to expect this to be less fucked than the PSN situation those few years back? This seems way worse given how just about anyone can see this shit.

Depends on how long the downtime is. The PSN hack was so memorable because of the extended downtime. I expect this will be forgotten about before the end of January tbh. Certainly, the time to downtime was extremely quick, considering the size of the system, how much redundancy and backups were built in, and the small fact that today's Christmas Day. That's something that's usually measured in days.

With that said, the sheer ease of this exploit is extremely unusual.
 

Shard

XBLAnnoyance
It would probably be prudent for everybody to go back and delete the usernames that are listed here in this thread.
 

Grief.exe

Member
You and I could not see anyone else's PSN info. Not then and not now, not a single line of info was truly 'leaked'. Sony has to say that shit went wrong, cause it did, but all it resulted for the user was no online for a month. Link me an article where people reported their info stolen from the event.

You ever heard of getting Fifa'd? That's 100x worse than the psn breach and on the same level as this current event. Everyone's online network is good but the support is shit all around.

Hackers had access to account names and information of millions of users during that breach.

The information we have now, they had access to only a small percentage as the same names continued to come up over and over. We will have to wait for more information.
 