Valve, a company that operates solely online, takes its security pretty seriously and has a good reputation in this area. However, at the time of writing, its Steam forums (http://forums.steampowered.com) are down, having suffered a hack attack earlier today. Visit the forums now and you see a message saying "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This attack was apparently done by hackers who want to offer free game cheats (but one should be wary of stealthy malware payloads) since before the forums were taken down, they had planted this message: Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks?The rest of the message then recommends a website where one can obtain all sorts of illegal game cheats, hack tools and porn. Some Steam forum users even received an email with this text, such as this NeoGAF (http://www.neogaf.com/forum/showpost.php?p=32479729&postcount=7264) user. There's no indication that any user's account information has been compromised. However, if you haven’t yet set up Steam Guard (https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519), now is a good time to do so, along with changing your password when the forums come back online. Also, be sure to use different a password for every login. Of course, many other gaming forums have been hacked in the past and just this year saw many hacks against such big names as Nintendo, Sega, BioWare, Epic Games and of course Sony, which was hacked many times over in protest at their business practices, such as removing the OtherOS feature from their PS3 console.

http://www.techpowerup.com/img/11-11-07/steamhacked07112011_thm.jpg (http://www.techpowerup.com/img/11-11-07/steamhacked07112011.jpg) http://www.techpowerup.com/img/11-11-07/steamdown07112011_thm.jpg (http://www.techpowerup.com/img/11-11-07/steamdown07112011.jpg)

Source: 1up.com (http://www.1up.com/news/steam-forums-down-after-hack)

Dang! Thanks qubit for the news

Now someone hack Origin :D.

"The Steam forums have been hacked. Thank you for your patience."

Can't people be more up-front? :laugh:

Does this effect everyone with a Steam account, or just those that use the forums? I've never been in their forums, so I'm good if it is the latter.

Steam accounts and forum are seperate. They are using vB 3.8.7. I am not surprised... (Although vB 4.x.x have vulnerabilities too)

thats why i got the below from the steam forums to my email address , deleted it anyways but i did wonder why it had the steampowered email address




Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit ************. It's safe, secure and undetected.

Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think.

Thanks again,
the """"""""""""""" team.

These people are so cool...

Changed my steam password and de-authorized all other pcs from steamguard just to make sure I didn't get my shit jacked.

These damned hackers need to stop being dicks.

Here's to hoping no data got stolen and people can return to their favorite hobby with peace of mind.
There are better (as in, more worthy) sites that could be hacked.

is it just me that finds it all a little bit strange how during the forums being hacked they want you to "change passwords and steam guards?" what if there is something valve don't know and its bumping all the new passwords and info being changed to the hackers? fair enough change the passwords and such for security but smells fishy personally. However i dont use steam forums so all should be good :)

edit** woohoo 25th post lol :L

It would be a problem with vBulletin, not steam's own platform. Not only that, but steam runs their forums separately to their steam platform.

Lastly, vB, like all good software, encrypts/hashes your passwords. Compromising the db might net you email addresses or private messages, but you won't get everyone's passwords without some serious supercomputer time.

haha that's what people get for using the steam forums. seriously, there couldn't exist a bigger group of trolls.

I don't see why someone would even want to hack Steam, now I can see Origin, but not Steam.

But yeah I like steam guard I just got this message...
http://img.techpowerup.org/111107/Capture028015.jpg

I am only viewing this thread, because Qubit said hack tools porn. Thank`s a lot , I just lost 5 mins of my fap time

is it just me that finds it all a little bit strange how during the forums being hacked they want you to "change passwords and steam guards?" what if there is something valve don't know and its bumping all the new passwords and info being changed to the hackers? fair enough change the passwords and such for security but smells fishy personally. However i dont use steam forums so all should be good :)

edit** woohoo 25th post lol :L

I don't think they mean it like that. When the forums are back online, then change the passwords.

25 posts? pfft. Just wait to see how your keyboard looks after 5500 posts - it'll be completely knackered and your fingers will have flat spots where they hit the keys! :laugh:

I can't imagine how Mussels' keyboard and fingers are after 31000 posts. :eek:

I don't think they mean it like that. When the forums are back online, then change the passwords.

25 posts? pfft. Just wait to see how your keyboard looks after 5500 posts - it'll be completely knackered and your fingers will have flat spots where they hit the keys! :laugh:

I can't imagine how Mussels' keyboard and fingers are after 31000 posts. :eek:

Mussels keyboard looks like this after 25,000 posts
http://www.funnypictures.net.au/images/cigarette-burns-all-over-the-keyboard1.jpg

Steam accounts and forum are seperate. They are using vB 3.8.7. I am not surprised... (Although vB 4.x.x have vulnerabilities too)

Yes, but many people use the same password on the forums as their steam account. Not to mention, most people link their steam community page in their forum profile.

Yes, but many people use the same password on the forums as their steam account. Not to mention, most people link their steam community page in their forum profile.

That's a security fail on the part of the user. My passwords for the forum and the Steam client don't even resemble each other.

very sad ........................

Mussels keyboard looks like this after 25,000 posts
http://www.funnypictures.net.au/images/cigarette-burns-all-over-the-keyboard1.jpg

filtered lucky charms, i wish i could buy those in VA. but seriously that is gross.

never posted there, can't imagine it effected a lot of people.

Theres something seriously wrong with the mentality of those hackers, letting cheaters run free on game servers means the game is wrecked and people stop playing it. Many good online games have been wrecked and died because of selfish asshole cheaters.

They're seriously fking retarded, and think the world owes them something, the kind of people that vandalise public property. They cant get any notoriety in their crap broken lives by doing something worthwhile so they destroy stuff instead. Assholes

Valve, a company that operates solely online, takes its security pretty seriously and has a good reputation in this area. However, at the time of writing, its Steam forums (http://forums.steampowered.com) are down, having suffered a hack attack earlier today. Visit the forums now and you see a message saying "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This attack was apparently done by hackers who want to offer free game cheats (but one should be wary of stealthy malware payloads) since before the forums were taken down, they had planted this message:The rest of the message then recommends a website where one can obtain all sorts of illegal game cheats, hack tools and porn. Some Steam forum users even received an email with this text, such as this NeoGAF (http://www.neogaf.com/forum/showpost.php?p=32479729&postcount=7264) user. There's no indication that any user's account information has been compromised. However, if you haven’t yet set up Steam Guard (https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519), now is a good time to do so, along with changing your password when the forums come back online. Also, be sure to use different a password for every login. Of course, many other gaming forums have been hacked in the past and just this year saw many hacks against such big names as Nintendo, Sega, BioWare, Epic Games and of course Sony, which was hacked many times over in protest at their business practices, such as removing the OtherOS feature from their PS3 console.

http://www.techpowerup.com/img/11-11-07/steamhacked07112011_thm.jpg (http://www.techpowerup.com/img/11-11-07/steamhacked07112011.jpg) http://www.techpowerup.com/img/11-11-07/steamdown07112011_thm.jpg (http://www.techpowerup.com/img/11-11-07/steamdown07112011.jpg)

Source: 1up.com (http://www.1up.com/news/steam-forums-down-after-hack)

The lot.

That's a security fail on the part of the user. My passwords for the forum and the Steam client don't even resemble each other.

I am subscribe to so many different forums and e-mails etc etc that I can't possibly remember that many passwords

I have 5~6 passwords with a variation on some, but it is always a pain to remember which password I put where, so I end up doing the "forgot password" 25% of the time

It would be a problem with vBulletin, not steam's own platform. Not only that, but steam runs their forums separately to their steam platform.

Lastly, vB, like all good software, encrypts/hashes your passwords. Compromising the db might net you email addresses or private messages, but you won't get everyone's passwords without some serious supercomputer time.

Maybe this is what the bitcoin project is all about. They could be using all that processing power to crack hashes and decrypt all the data that they are compromising.

Maybe I'm just paranoid.

Maybe this is what the bitcoin project is all about. They could be using all that processing power to crack hashes and decrypt all the data that they are compromising.

Bitcoin essentially does this, but with its own files, not ones people feed it. You try to create a valid block by mining, and then if it is valid you win the grand prize of 50 BTC, but if you don't win you lose, and the computer keeps trying. Think of it as a massive brute force program that is trying to find the next block.

Just got this when I logged in today:

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

I just changed my password to a 20 character password...that wont do any good If STEAm can't get a handle on their shiznit

Doesn't matter how strong a password is if they have it, if you change it to anything they pretty much cant log in unless they get the new one.
EDIT: For the record i didn't get a news popup and i didn't see any news about the forum hack in the news tab on steam.

my steam account was hacked 2 days ago and my gmail got hacked too(same password(bad idea))

i knew it because I couldn't log into steam and I went into my gmail, and it said some crap about an unknown ip address.

steam changed everything back though and I had to change all my passwords:(

change your passwords people.

It really sucks that this happened to Valve. Kudos to Gabe for coming clean.

I'm writing a news story on this as we speak.

Make sure to change your Steam account password. I've just done mine.

erocker, thanks for the update back there. :toast:

Ah okay you see the message when you go to the actual forums, i tried to log in just to see if i made an account fortunately i hadn't.

A news "story" lol.

Frontpage story about the Steam account hack now posted: http://www.techpowerup.com/154947/Steam-Hack-More-Severe-Than-Thought-Change-Your-Password-NOW.html

Please make further posts about this in that thread

We don%u2019t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

That sounds more like them just covering their ass then anything... Forum accounts and steam accounts arent linked anyway.

One more reason to use paypal :D

they hack forum password right ?

and since i don't make any steam forum account that should be save for me right ?