Support NeoGAF

[Dick Justice]

Maybe they're figuring out what went wrong, what they did/need to do to fix it and what we need to do, then they will inform us. Big businesses have processes to follow.

When our private details are potentially out in the open, it'd be real nice for the company who fucked up to notify us.

 

[Hektor]

The silence is probably due to them figuring out how to put it nicely they got fucked.

"eh... Joe, do you remember the number of our lawyer?"

 

[KR_remix]

I haven't logged into steam in weeks, am I probably not at risk?

 

[Rebel Leader]

They can't see passwords correct? I won't be that upset aslong as they can't see passwords.

How about your name and address?

 

[cilonen]

I was logged in. Had just done a purchase maybe 15-20 minutes before. Was setting up my Steam Controller, hahaha.

So Up, Down, Up, Down, Left, Right, Left, Right , A+B does a lot more than we thought then.

Sorry!

 

[AJ_Wings]

What a catastrophic fuck-up. The event was extremely unfortunate, Valve's silence, however, is downright appalling.

Like.. I'm not shocked that I don't myself as surprised as I should be since the "being uncommunicative as fuck" shtick is business as usual for this fucking company.

 

[Ucchedavāda]

My guess is that if it wasn't an external breach then it was some weird cascade failure scenario (i.e. heavy load leads to components failing in an unusual order). I hope Valve provides at least the general basis of what happened.

Yeah, I don't think it is a breach, either.
The explanation that this is a problem with their caches makes sense, but I just cant imagine them messing around with that right now, so it resulting from a cascade of failures, as you suggest, could explain that.

 

[inky]

Lionel Hutz probably doesn't work Christmas.

Please, he's already on the case.

 

[Reebot]

I don't think you can sugar coat this.

Nonsense, we've got people in this thread trying their damndest right now.

It took like 20 pages for the apologists to admit data had even been compromised.

 

[texhnolyze]

Is this true?
http://steamcommunity.com/discussions/forum/0/458604254431478327/

 

[Mr. Luchador]

You know shit is serious when something is trending worldwide.

Eastenders?! ffs.

 

[LiegeWaffle]

SteamDB has no affiliation with Valve, they're just guessing at what happened. I don't understand why people keep linking to them...

Because their blogpost is actually a reasonable technical guess which is consistent with what other people observe and facts that they know?

 

[fertygo]

I might change my email and pass after this (its unique to steam for both)

but hypothetically what baddies can do with your phone number?

I imagine changing number in steam guard would've majestic pain in the ass

 

[mugurumakensei]

Maybe they're figuring out what went wrong, what they did/need to do to fix it and what we need to do, then they will inform us. Big businesses have processes to follow.

Eh, this is Valve, we might get an answer in 4-5 weeks if they are feeling generous.

 

[2Crisis]

Regardless of the fact that the access may have been read-only and no purchases possible,

it's still a massive leak of PII, which is 100% inexcusable.

 

[GifGafIsTheBestGaf]

They really shat the bed. Why did I bother coming to GAF right now, since it seems they blocked access to account details and wallet, well at least I can't access them through the client, I don't know if my account was messed up.

I have been logged in since morning with my client, I hope i didnt fuck up by doing so.

 

[Tainted]

This is why I never save my credit/debit info on any digital store. Ever. Exactly for stuff like this.

Imagine the shit show if Paypal ever got hacked :/

Obligatory touch wood of course

 

[Delusibeta]

So according to the Steam DB blog this wasn't a hack or DDOS? Weird coincidence that if it IS an internal error it's happening on the one day that hacks and DDOS attacks happen historically

The theory is that it's a duff change to the caching as a result of the threatened DDoS.

 

[mere_immortal]

Maybe they're figuring out what went wrong, what they did/need to do to fix it and what we need to do, then they will inform us. Big businesses have processes to follow.

Here's what you do in that case:

"We are aware of an ongoing issue etc. etc." At least let us know it's being worked on and have them acknowledge it.

 

[Wowfunhappy]

They are clearly aware since they shut it down.

Would still be nice for them to say something.

 

[Elija2]

Welp, I was logged in earlier today. I don't have my credit card info saved, but it'd still be shitty if someone saw my account info.

 

[Farsi]

How about your name and address?

I don't care about that. I just care about my password.

 

[Deleted member 80556]

Is this true?
http://steamcommunity.com/discussions/forum/0/458604254431478327/

It's a community moderator, so we are taking it with a pinch of salt.

 

[Grief.exe]

Updated the information post demonstrating users were able to access full cell phones and address records. Sent the information along to Valve Time so they wouldn't forward false information to a wide audience.

So I got on steam and to pick up a couple games and it keeps pushing me through peoples accounts and this is bad guys... I can see the persons full name and phone number and address...

My names not james....

 

[Radio]

Valve would comment, but they are too afraid to log in and risk their account being added to the cache.

 

[ashecitism]

Completely unacceptable! Didn't think this year could go any worse for Valve and here we are. Unfortunately this won't lead to changes within Valve. They're too proud for that and there's always a group of people who'll forgive them.

 

[Succinct Verbosity]

.

Okay. Cool. You are a star. One last thing, I haven't used PP in ages, and I have a charge of 0.00 - so my assumption is that it is a historic charge from ages ago and not a recent one? I mean there is nothing else in my purchase history.

 

[FortuneFaded]

Eastenders?! ffs.

Bobby killed Steam confirmed.

 

[Cheeseman Battitude]

When our private details are potentially out in the open, it'd be real nice for the company who fucked up to notify us.

Why? We already know.

 

[TheFatOne]

Here's what you do in that case:

"We are aware of an ongoing issue etc. etc." At least let us know it's being worked on and have them acknowledge it.

Exactly this. Their continued silence on this does not look good on them period.

 

[Monooboe]

So if they didn't get hacked and it was purely their own fault, that will be one major blow against them. Being hacked can be quite easily forgiven but this is something else.

 

[Bold One]

Big companies move slowly,

We have no choice but to play the waiting game

 

[Watto]

They are clearly aware since they shut it down.

We don't actually know it's been taken down by Steam do we? Could easily have just crashed due to everyone logging on or maybe part of the attack. Until Steam actually SAY SOMETHING we can't say anything for certain.

 

[The Dear Leader]

They can't see passwords correct? I won't be that upset aslong as they can't see passwords.

No I don't think so, you are prompted for a Steam guard code if you try and change a password, so someone would need both a Steam guard code from your email and the old password to change the password to be able to access the account now. As far as I know, I'm no expert.

 

[commissar]

Christmas Day breh.

Nah, this is a called-into-the-office, fuck-your-christmas situation.

 

[CHC]

Asking again... I'm away from home. Is everything good as long as I don't log in?

 

[arts&crafts]

It wont let me play Path of Exile

 

[jmga]

Paypal screenshots are obviously fake because Steam redirects you to Paypal and you have to log in and confirm the payment there to finish the purchase.

 

[kami_sama]

Okay. Cool. You are a star. One last thing, I haven't used PP in ages, and I have a charge of 0.00 - so my assumption is that it is a historic charge from ages ago and not a recent one? I mean there is nothing else in my purchase history.

I also had a 0.00 charge. I think it's to preapprove steam. Don't worry.

 

[Grief.exe]

Big companies move slowly,

We have no choice but to play the waiting game

Valve is actually a relatively small company.

Paypal screenshots are obviously fake because Steam redirectes you to Paypal and you have to log in and confirm the payment there to finish the purchase.

That's how it works for me as well, not sure if that's ubiquitous.

The problem is, people do have their debit cards attached which are instant.

 

[Dick Justice]

Why? We already know.

Not everyone reads Gaf or Reddit. Use some common sense.

 

[Dunkley]

Why? We already know.

GAF =/= the entirety of Steam's user base.

 

[King_Moc]

What a catastrophic fuck-up. The event was extremely unfortunate, Valve's silence, however, is downright appalling.

Its classic valve. They can do what the fuck they want though. Give it 2 days and everyone will be saying how much they hate services they've never used, like origin and uplay and much prefer steam.

 

[abracadaver]

Paypal screenshots are obviously fake because Steam redirectes you to Paypal and you have to log in and confirm the payment there to finish the purchase.

No

 

[Macrotus]

WTF....

Normally, if random users account is exposed, especially with THIS amount of information exposed, companies should contact every users ASAP.

WTF is Valve doing...

 

[megalowho]

They are clearly aware since they shut it down.

That's not what communication with your customer base looks like, which considering the magnitude of the issue doesn't seem like a tall ask at this point. It says a lot about Valve as a company.

 

[Cheeseman Battitude]

Here's what you do in that case:

"We are aware of an ongoing issue etc. etc." At least let us know it's being worked on and have them acknowledge it.

And then people would complain it's just a standard response. They're between a rock and a hard place ATM, so any time spent on sending a notification is time wasted IMO.

 

[ironcreed]

Updated the information post demonstrating users were able to access full cell phones and address records. Sent the information along to Valve Time so they wouldn't forward false information to a wide audience.

Uh huh. They are fucked.

 

[epmode]

Paypal screenshots are obviously fake because Steam redirectes you to Paypal and you have to log in and confirm the payment there to finish the purchase.

Not always. The PayPal credentials are occasionally unnecessary. I know because I use it.

 

[True Fire]

The digital future is going to be a dangerous one. This is a pretty eye-opening situation.