Monday, November 7th 2011

Steam Forums Get Nailed By Hackers

Valve, a company that operates solely online, takes its security pretty seriously and has a good reputation in this area. However, at the time of writing, its Steam forums are down, having suffered a hack attack earlier today. Visit the forums now and you see a message saying "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This attack was apparently done by hackers who want to offer free game cheats (but one should be wary of stealthy malware payloads) since before the forums were taken down, they had planted this message:
Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks?
The rest of the message then recommends a website where one can obtain all sorts of illegal game cheats, hack tools and porn. Some Steam forum users even received an email with this text, such as this NeoGAF user. There's no indication that any user's account information has been compromised. However, if you haven’t yet set up Steam Guard, now is a good time to do so, along with changing your password when the forums come back online. Also, be sure to use different a password for every login. Of course, many other gaming forums have been hacked in the past and just this year saw many hacks against such big names as Nintendo, Sega, BioWare, Epic Games and of course Sony, which was hacked many times over in protest at their business practices, such as removing the OtherOS feature from their PS3 console.

Add your own comment

34 Comments on Steam Forums Get Nailed By Hackers

Graphical Hacker
techtard said:
Maybe this is what the bitcoin project is all about. They could be using all that processing power to crack hashes and decrypt all the data that they are compromising.
Bitcoin essentially does this, but with its own files, not ones people feed it. You try to create a valid block by mining, and then if it is valid you win the grand prize of 50 BTC, but if you don't win you lose, and the computer keeps trying. Think of it as a massive brute force program that is trying to find the next block.
Posted on Reply
Senior Moderator
Just got this when I logged in today:
Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Posted on Reply
I just changed my password to a 20 character password...that wont do any good If STEAm can't get a handle on their shiznit
Posted on Reply
Doesn't matter how strong a password is if they have it, if you change it to anything they pretty much cant log in unless they get the new one.
EDIT: For the record i didn't get a news popup and i didn't see any news about the forum hack in the news tab on steam.
Posted on Reply
my steam account was hacked 2 days ago and my gmail got hacked too(same password(bad idea))

i knew it because I couldn't log into steam and I went into my gmail, and it said some crap about an unknown ip address.

steam changed everything back though and I had to change all my passwords:(

change your passwords people.
Posted on Reply
It really sucks that this happened to Valve. Kudos to Gabe for coming clean.
Posted on Reply
Overclocked quantum bit
I'm writing a news story on this as we speak.

Make sure to change your Steam account password. I've just done mine.

erocker, thanks for the update back there. :toast:
Posted on Reply
Ah okay you see the message when you go to the actual forums, i tried to log in just to see if i made an account fortunately i hadn't.

A news "story" lol.
Posted on Reply
erocker said:
We don%u2019t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
That sounds more like them just covering their ass then anything... Forum accounts and steam accounts arent linked anyway.

One more reason to use paypal :D
Posted on Reply
they hack forum password right ?

and since i don't make any steam forum account that should be save for me right ?
Posted on Reply
Add your own comment