UnemployedVillain
Member
A Valve Complete Pack, which they own 100% of anyway.
I have a feeling "Here are some free games! Hope no one SWATs you!" won't exactly help
A Valve Complete Pack, which they own 100% of anyway.
34,000 might seem low in the grand scheme of things, but it's still 34,000 too much.
I hope those 34k users get some serious compensation
Maybe they wanted to figure out exactly what happened before just saying something broke.
if people didn't have a problem, they wouldn't have picked up my original post how waiting five days for a detailed response over the christmas period is reasonable.You're not arguing with real people. Nobody here is saying that five days fir a detailed response with explanation in a complete vacuum is unacceptable. Stump even made a point on this page about how the failure to respond correctly upfront affected the response to this statement.
There isn't much stopping someone from doing that anyway. If you own a home, it's public record. If you own a business, it's public record. If you rent, your address is known by many third parties who already sell that shit to whoever.I have a feeling "Here are some free games! Hope no one SWATs you!" won't exactly help
There isn't much stopping someone from doing that anyway. If you own a home, it's public record. If you own a business, it's public record. If you rent, your address is known by many third parties who already sell that shit to whoever.
This sucks for those 34k people, but I would be shocked if any significant harm came to them as a result of this.
five days seems reasonable considering a.) you need to be thorough in determining the problem, and b.) it happened literally over christmas
...Yes. Why is that unreasonable?
five days for a detailed follow up explanation, with consultation with a tech partner for a solution, over christmas where you could be facing reduced staff on both fronts, is not an insane amount of time.Your reason b is bullshit. If you are open for business on Christmas you don't get to use that as an excuse.
Companies don't get to have it both ways. You want to keep making money during Christmas then you better respond just as fast as any other work day.
A Valve Complete Pack, which they own 100% of anyway.
seems low isn't ?
Because that's a piss-poor response time by any industry metric. The business I manage issues responses to outages and emergency situations the same day, any day of the year. If I can manage that for a company with a paltry revenue of 20 mil/year, surely someone with the pockets and resources of Valve can do just as good, if not better.
This apology is a good start but valve really needs to contact everyone that had their information leaked and set them up on fraud protection payed for by valve. I don't know why some people think this information leak is not important. When signing up for a credit card they often ask to verify an address to where you live. If that information is now on the internet for everyone to see I really need to be aware.
This apology is a good start but valve really needs to contact everyone that had their information leaked and set them up on fraud protection payed for by valve.
Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified.
five days for a detailed follow up explanation, with consultation with a tech partner for a solution, over christmas where you could be facing reduced staff on both fronts, is not an insane amount of time.
This apology is a good start but valve really needs to contact everyone that had their information leaked and set them up on fraud protection payed for by valve. I don't know why some people think this information leak is not important. When signing up for a credit card they often ask to verify an address to where you live. If that information is now on the internet for everyone to see I really need to be aware.
BothWait, was it a configuration error or a ddos attack then? :/
Wait, was it a configuration error or a ddos attack then? :/
Er why is everyone automatically taking their word for the 34k number?
Do you guys not remember they also said the caching issue lasted under an hour when that was patently false?
At least pretend you read what they said before replying dude.
For some people, like that dude whose page got cached by Google, the information is "still online." For a lot of people it was viewable for a short period of time and now it's gone unless people saved it. That's sort of why I'm less concerned about this in general. When Patreon got hacked a few months ago and all of peoples payment shit leaked as well as their billing addresses, etc, like you can still look that up. The whole database is out there floating freely.
For the vast majority of the 34k accounts affected by the cache it's unlikely anyone saved their information, and it's significantly less risky because this wasn't a targeted attack. It's like the difference between a hacker purposefully hacking in to your phone company and stealing a database for nefarious purposes and a random person getting your phone bill instead of theirs - yeah they could do something shitty with it and you should take it seriously, but the vast majority of people who get the wrong bill would just close out of the window or throw it away and not do anything.
I think the issue is that you can't guarantee that someone didn't save the information. I know if I was looking for easy money I would save as much information as I could and sell it on darknet. It is basically free money, someone out there would pay for it and combine it with other security breaches and you really start to have a nice data set of personal information.
If my information was exposed even for a moment then it is no longer secure and since Valve was in charge of keeping this information safe they should pay for fraud protection for all people who were exposed.
I would wager Valve's somewhat shitty customer service isn't a result of them not taking it seriously, but more that they prioritize more to developers than consumers (this is purely speculation)
To be honest, I think people would have been willing to give them 5 days (irrespective of what the professionally appropriate timeframe was) if their initial response wasn't so tone-deaf.
Of course I checked my details immediately after I've learned what happened and cached my shit.
Well Valve finally released a statement. They went from unacceptable silence to bare minimum.
A statement? Great! Thanks for your heartfelt, personal apology valve! Can gaffers now stop bitching about an incident that led to no harm to anyone anywhere?
This itself is a problem, though. When you run a major service-provider company, especially one that does abnormally huge holiday traffic, you staff a full complement of relevant positions on the holidays.
I don't think it's a cultural issue. For a lot of major consumer facing tech companies, a huge portion (sometimes larger than engineering) of their employees ARE customer service and support.
The thing is, there's always more customers by orders of magnitude than there are people to handle their issues. I know at least at my company, customers are ranked by tiers which determine who quickly they're helped or how around the clock help is available for them, and system wide issues are handled by the relevant engineer leads/teams.
I would wager Valve's somewhat shitty customer service isn't a result of them not taking it seriously, but more that they prioritize more to developers than consumers (this is purely speculation)
How so? This is a fairly thorough explanation of the problem and how it was solved. How is this just the bare minimum?
What Valve needs to do, the barest of bare minimums:
-Email all customers who were involved in the security issues.
-Issue a public email or bulletin to all Steam users about the issue and what it entailed.
-Contact every game news outlet and give them the same information, and answer all follow up questions from journalists about the issue.
What Valve should do if they were run like an actual professional company:
-Issue an apology.
-Offer affected users some sort of protection plan similar to the one offered by Target during their breach.
-Open a tech support communication venue, hosted separate from Steam, that communicates constantly about even small downtime issues. Start a Twitter/Tumblr/Facebook page for this task as well.
-Massively scale up their tech support team.
Er, yes. When something like this happens there should be an acknowledment immediately followed by very frequent updates on the situation and what we should do or not do until it has all been figured out.How is 5 days too long for some people? Do you expect a response as it's going on and they're figuring out wtf happened?
Er, yes. When something like this happens there should be an acknowledment immediately followed by very frequent updates on the situation and what we should do or not do until it has all been figured out.
34k users? Jesus, that's a lot.
Good to have a detailed statement though.
Which did happen.
Via Kotaku.
Not my fault GAF has a hate boner for them.
Yes I agree that more could of been done, but the minimal was met. Plus it was Christmas. PR and Legal teams probably hard as fuck to get hold of?
I figured they wouldn't say anything. Good for them.
I'm not sure how they can know the actual number unless that's 100% of the users active during the issue. Unless they are actually logging details of every access which sounds like a privacy/safety issue to me.