Thursday, November 10th 2011

Steam Hack More Severe Than Thought: Change Your Password NOW

Gabe Newell of Valve has issued a statement that the forum hack they experienced over the weekend actually goes much deeper than they thought. The criminals accessed the main database containing such goodies as user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. Apparently, no personally identifying information was taken - but we await the result of the full investigation before breathing a sigh of relief. Due to this serious breach, TechPowerUp advises all Steam users to change their account password immediately. People starting up their Steam client will now see the following message from Gabe Newell about this:

10 November 2011
Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
Add your own comment

127 Comments on Steam Hack More Severe Than Thought: Change Your Password NOW

#1
FordGT90Concept
"I go fast!1!11!1!"
I changed my Steam password when a thread was posted earlier about the forum password's being stolen.
Posted on Reply
#2
AsRock
TPU addict
by: digibucc
credit card information can mean billing address, expiration, issuer, security code - but not necessarily card number.
That is personal information, your name billing address meaning were you live ?. So they probably have your email address to. I SHOULD not have a issue with my cards i don't save them on steam for this very reason.

Any information that you give them when signing up plus any thing you use to buy though them is personal or this be a total none issue.
Posted on Reply
#3
v12dock
These people are just so cool...

My card is in crappy condition and I never changed it with the PSN hack. Now it's a great time to get a new card

And was the database mysql?
Posted on Reply
#5
Wrigleyvillain
PTFO or GTFO
by: [H]@RD5TUFF
Canceling my credit card, this is really irritating! :banghead:
Um whoa there you don't need to up and cancel it, there is no evidence that any actual theft using card numbers has or will take place. What you should do is check your statement and continue to do so more often...

I bet it was EA! lol

(Hell they are lucky it wasn't Origin (yet) which may have even been easier. Speaking of which I need to change that pass too).
Posted on Reply
#6
wickerman
I laughed at this because even though I use steam, and had to change my password...my bank was hacked recently and though my credit card hadn't been fraudulently charged, they issued me a new visa card anyway...so now that steam got hacked I don't have to worry about my credit card since the info on steam isn't valid anyway :laugh:

Looks like 2011 is gunna be the year of the hacker, so many high profile companies have been hit this year, it's kinda scary to think about.

But I do like the steam system where in if a new system tries to log into your account, you need to enter an email confirmation number. Luckily I use different passwords for steam and my email. You can never have too many passwords it seems!
Posted on Reply
#7
[H]@RD5TUFF
by: Wrigleyvillain
Um whoa there you don't need to up and cancel it, there is no evidence that any actual theft using card numbers has or will take place. What you should do is check your statement and continue to do so more often...

I bet it was EA! lol

(Hell they are lucky it wasn't Origin (yet) which may have even been easier. Speaking of which I need to change that pass too).
I can live without my visa card for a week, I can't live with my visa card being compromised period!:shadedshu
Posted on Reply
#8
theJesus
I use paypal, so there shouldn't be any way they could have gotten my CC info. I still changed my password though.
Posted on Reply
#10
btarunr
Editor & Senior Moderator
by: qubit
Could this be the work of Anonymous?
The typical anon worships Gabe Newell. I won't explain why, because that will sound politically incorrect.
Posted on Reply
#11
Scrizz
by: btarunr
politically incorrect.
fuck that.
Posted on Reply
#12
v12dock
every time you hack steam gabe newell delays half life 3
Posted on Reply
#13
1c3d0g
:shadedshu This hacking thing is way out of control. Company after company turns into a victim. It's only a matter of time. I don't use Steam, but I'd love to get my hands on one of these little f*ckers and beat the sh!t out of them! :mad:
Posted on Reply
#14
[H]@RD5TUFF
by: 1c3d0g
:shadedshu This hacking thing is way out of control. Company after company turns into a victim. It's only a matter of time. I don't use Steam, but I'd love to get my hands on one of these little f*ckers and beat the sh!t out of them! :mad:
Ditto!
Posted on Reply
#15
Steven B
um how does one change their password? i see no option to do so.
Posted on Reply
#16
qubit
Overclocked quantum bit
by: btarunr
The typical anon worships Gabe Newell. I won't explain why, because that will sound politically incorrect.
Hmmm... feel free to reply in PM, or better still, GN and send me a link!

I love politically incorrect posts... :D

by: Steven B
um how does one change their password? i see no option to do so.
Two ways: run the Steam client and go to settings. That's one password. Then go to steampowered.com and click on Support. Log in there. That's a different login - I think it's the same as the forum one, but don't hold me to it - and change the password there.

I've now changed, both of course. I did it before posting up that article, in fact.
Posted on Reply
#17
Steven B
i went to settings under the steam client, but it doesn't show password?
Posted on Reply
#18
qubit
Overclocked quantum bit
by: Steven B
i went to settings under the steam client, but it doesn't show password?
Right there, it's obvious. In the Steam client, go to Steam > Settings and you see the window below.

Posted on Reply
#19
utengineer
I never used my credit card on Steam....Paypal only. Change password just in case at Steam and Paypal to be safe.
Posted on Reply
#20
qubit
Overclocked quantum bit
by: utengineer
I never used my credit card on Steam....Paypal only. Change password just in case at Steam and Paypal to be safe.
Yeah, good idea.

You have a cool username bro, Unreal Tournament rocks like nothing else. :rockout:

Welcome to TPU. :toast:
Posted on Reply
#22
H82LUZ73
by: kid41212003
Oh shit i logged off now i can't remember the passwords...

I don't even remember the security answer to do forgot passwords.:laugh:.
go the STEAM user control help ,Oh is at least separate from the forums too,Ask them to reset the pw I had to at least a month ago.All they need is a legit cd key tied to your account.

Go here if you forgot your password and your secret question,Just make damn sure you give all the right info,Also take a photo of you retail cd key or show them a receipt from an game purchase.https://support.steampowered.com/kb_cat.php?id=3
Posted on Reply
#23
n-ster
DAMN MOTHER F*** RSG SDFG DRFGSV

I'm mad...

EDIT: remember to change you password AND security question
Posted on Reply
#24
Enmity
uh oh, i just seen all this about steam and realised that i cant even log into my steam account. If I try to execute steam it comes up with

"Unable to connect to the steam network. 'Offline Mode' is unavailable because there is no Steam login information stored on this computer. You will not be able to use steam until you are able to connect to the Steam network again"

what should I do?
Posted on Reply
#25
qubit
Overclocked quantum bit
by: Enmity
uh oh, i just seen all this about steam and realised that i cant even log into my steam account. If I try to execute steam it comes up with

"Unable to connect to the steam network. 'Offline Mode' is unavailable because there is no Steam login information stored on this computer. You will not be able to use steam until you are able to connect to the Steam network again"

what should I do?
Try it again. I just had a go and it worked fine. Now, I'm in the UK and I know that you can change the servers it contacts within the client settings. Can you do that without it authenticating?

If not, I reckon just trying every so often will eventually let you in.
Posted on Reply
Add your own comment