Monday, November 7th 2011

Steam Forums Get Nailed By Hackers

Valve, a company that operates solely online, takes its security pretty seriously and has a good reputation in this area. However, at the time of writing, its Steam forums are down, having suffered a hack attack earlier today. Visit the forums now and you see a message saying "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This attack was apparently done by hackers who want to offer free game cheats (but one should be wary of stealthy malware payloads) since before the forums were taken down, they had planted this message:
Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks?
The rest of the message then recommends a website where one can obtain all sorts of illegal game cheats, hack tools and porn. Some Steam forum users even received an email with this text, such as this NeoGAF user. There's no indication that any user's account information has been compromised. However, if you haven’t yet set up Steam Guard, now is a good time to do so, along with changing your password when the forums come back online. Also, be sure to use different a password for every login. Of course, many other gaming forums have been hacked in the past and just this year saw many hacks against such big names as Nintendo, Sega, BioWare, Epic Games and of course Sony, which was hacked many times over in protest at their business practices, such as removing the OtherOS feature from their PS3 console.

Source: 1up.com
Add your own comment

36 Comments on Steam Forums Get Nailed By Hackers

#1
seronx
Dang! Thanks qubit for the news
Posted on Reply
#2
NC37
Now someone hack Origin :D.
Posted on Reply
#3
Sasqui
"The Steam forums have been hacked. Thank you for your patience."

Can't people be more up-front? :laugh:
Posted on Reply
#4
Damn_Smooth
Does this effect everyone with a Steam account, or just those that use the forums? I've never been in their forums, so I'm good if it is the latter.
Posted on Reply
#5
cool_recep
Steam accounts and forum are seperate. They are using vB 3.8.7. I am not surprised... (Although vB 4.x.x have vulnerabilities too)
Posted on Reply
#6
chaotic_uk
thats why i got the below from the steam forums to my email address , deleted it anyways but i did wonder why it had the steampowered email address
Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit ************. It's safe, secure and undetected.

Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think.

Thanks again,
the """"""""""""""" team.
Posted on Reply
#7
v12dock
These people are so cool...
Posted on Reply
#8
techtard
Changed my steam password and de-authorized all other pcs from steamguard just to make sure I didn't get my shit jacked.

These damned hackers need to stop being dicks.
Posted on Reply
#9
_JP_
Here's to hoping no data got stolen and people can return to their favorite hobby with peace of mind.
There are better (as in, more worthy) sites that could be hacked.
Posted on Reply
#10
white phantom
is it just me that finds it all a little bit strange how during the forums being hacked they want you to "change passwords and steam guards?" what if there is something valve don't know and its bumping all the new passwords and info being changed to the hackers? fair enough change the passwords and such for security but smells fishy personally. However i dont use steam forums so all should be good :)

edit** woohoo 25th post lol :L
Posted on Reply
#11
Roph
It would be a problem with vBulletin, not steam's own platform. Not only that, but steam runs their forums separately to their steam platform.

Lastly, vB, like all good software, encrypts/hashes your passwords. Compromising the db might net you email addresses or private messages, but you won't get everyone's passwords without some serious supercomputer time.
Posted on Reply
#12
Easy Rhino
Linux Advocate
haha that's what people get for using the steam forums. seriously, there couldn't exist a bigger group of trolls.
Posted on Reply
#13
Delta6326
I don't see why someone would even want to hack Steam, now I can see Origin, but not Steam.

But yeah I like steam guard I just got this message...
Posted on Reply
#14
alexsubri
I am only viewing this thread, because Qubit said hack tools porn. Thank`s a lot , I just lost 5 mins of my fap time
Posted on Reply
#15
qubit
Overclocked quantum bit
by: white phantom
is it just me that finds it all a little bit strange how during the forums being hacked they want you to "change passwords and steam guards?" what if there is something valve don't know and its bumping all the new passwords and info being changed to the hackers? fair enough change the passwords and such for security but smells fishy personally. However i dont use steam forums so all should be good :)

edit** woohoo 25th post lol :L
I don't think they mean it like that. When the forums are back online, then change the passwords.

25 posts? pfft. Just wait to see how your keyboard looks after 5500 posts - it'll be completely knackered and your fingers will have flat spots where they hit the keys! :laugh:

I can't imagine how Mussels' keyboard and fingers are after 31000 posts. :eek:
Posted on Reply
#16
alexsubri
by: qubit
I don't think they mean it like that. When the forums are back online, then change the passwords.

25 posts? pfft. Just wait to see how your keyboard looks after 5500 posts - it'll be completely knackered and your fingers will have flat spots where they hit the keys! :laugh:

I can't imagine how Mussels' keyboard and fingers are after 31000 posts. :eek:
Mussels keyboard looks like this after 25,000 posts
Posted on Reply
#17
Undead46
by: cool_recep
Steam accounts and forum are seperate. They are using vB 3.8.7. I am not surprised... (Although vB 4.x.x have vulnerabilities too)
Yes, but many people use the same password on the forums as their steam account. Not to mention, most people link their steam community page in their forum profile.
Posted on Reply
#18
qubit
Overclocked quantum bit
by: Undead46
Yes, but many people use the same password on the forums as their steam account. Not to mention, most people link their steam community page in their forum profile.
That's a security fail on the part of the user. My passwords for the forum and the Steam client don't even resemble each other.
Posted on Reply
#19
hhumas
very sad ........................
Posted on Reply
#21
[H]@RD5TUFF
never posted there, can't imagine it effected a lot of people.
Posted on Reply
#22
buggalugs
Theres something seriously wrong with the mentality of those hackers, letting cheaters run free on game servers means the game is wrecked and people stop playing it. Many good online games have been wrecked and died because of selfish asshole cheaters.

They're seriously fking retarded, and think the world owes them something, the kind of people that vandalise public property. They cant get any notoriety in their crap broken lives by doing something worthwhile so they destroy stuff instead. Assholes
Posted on Reply
#23
claylomax
by: qubit
Valve, a company that operates solely online, takes its security pretty seriously and has a good reputation in this area. However, at the time of writing, its Steam forums are down, having suffered a hack attack earlier today. Visit the forums now and you see a message saying "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This attack was apparently done by hackers who want to offer free game cheats (but one should be wary of stealthy malware payloads) since before the forums were taken down, they had planted this message:The rest of the message then recommends a website where one can obtain all sorts of illegal game cheats, hack tools and porn. Some Steam forum users even received an email with this text, such as this NeoGAF user. There's no indication that any user's account information has been compromised. However, if you haven’t yet set up Steam Guard, now is a good time to do so, along with changing your password when the forums come back online. Also, be sure to use different a password for every login. Of course, many other gaming forums have been hacked in the past and just this year saw many hacks against such big names as Nintendo, Sega, BioWare, Epic Games and of course Sony, which was hacked many times over in protest at their business practices, such as removing the OtherOS feature from their PS3 console.

http://www.techpowerup.com/img/11-11-07/steamhacked07112011_thm.jpg http://www.techpowerup.com/img/11-11-07/steamdown07112011_thm.jpg

Source: 1up.com
The lot.
Posted on Reply
#24
n-ster
by: qubit
That's a security fail on the part of the user. My passwords for the forum and the Steam client don't even resemble each other.
I am subscribe to so many different forums and e-mails etc etc that I can't possibly remember that many passwords

I have 5~6 passwords with a variation on some, but it is always a pain to remember which password I put where, so I end up doing the "forgot password" 25% of the time
Posted on Reply
#25
techtard
by: Roph
It would be a problem with vBulletin, not steam's own platform. Not only that, but steam runs their forums separately to their steam platform.

Lastly, vB, like all good software, encrypts/hashes your passwords. Compromising the db might net you email addresses or private messages, but you won't get everyone's passwords without some serious supercomputer time.
Maybe this is what the bitcoin project is all about. They could be using all that processing power to crack hashes and decrypt all the data that they are compromising.

Maybe I'm just paranoid.
Posted on Reply
Add your own comment