Steam security issue revealed personal info to other users on XMas Day (fixed)

It seems that if you've been looking at your account page recently, other people may randomly see your address or the last few digits of your credit card number. That's the worst of it.

Visiting your pages to remove info is a bad idea because that might actually cause other people to see it. Unauthorised purchases don't seem to be possible.

This is certainly an embarrassment for Valve, but unless you're really private about your address, it's not worth worrying too much.

I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".
 
I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".

Use my info to attach my name/address to things I don't want it attached to :T
 
They have to allow account name switches or something now, I always felt really secure in the fact that nobody knew my steam account name but those days are now clearly gone done and dusted.
 
HOW!? Isn't the GAF PM limit like... 150?
I don't think the cap is restricted by number of PMs, but storage.

Back when I was receiving dick pics exclusively (for statistics) I was averaging ~88 PMs before I was forced to delete some.
 
Have people been able to see transaction screens during this? I bought a game as a gift earlier today but I never checked my account page in a long time and I don't have my CC info saved, I just put it in for the purchase. From what we know thus far, is this a problem?
 
I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".

Again: many social engineering hacks rely on convincing customer service reps you're someone else by giving out information that theoretically only that person would know. Information like the home address, phone number or name attached to the account. Nintendo sometimes uses the recent purchases in your eShop account as verification that you are who you say you are when it comes to account recovery; that's exactly the kind of information revealed in this hack.
 
Egads, I've been playing KSP all day, and at one point tabbed back to Steam, noticed there were loading issues, tabbed back and have been playing ever since. Only now did I check Twitter and GAF and the OP advises to stay offline. Should I back out now or ride it through?
 
I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".

There's a lot of info, like your phone number, home address, email address and purchasing habits, that could be used to build a profile for identity theft - you'd need more information but it hands people a reasonable amount of information. There is a reason why Sony gave out that free identity theft protection insurance after the PSN hack.
 
It's lovely to come here to see if there's any updates or something and all I find is a sort of "platform war", who the hell cares if PSN hack was worse or not, who cares if people forgive Steam or not, it's up to them. Could the focus be shifted somewhere else, like if there's any valuable information out there without being drowned with these pointless posts about PSN or whatever?
 
I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".

Are you new to the internet and how social engineering works or just blindly defending your favorite corporation?
 
The servers are still wonky, it doesn't mean your account has been stolen.

Thanks, after a few tries I'm able to log in without the server error message. Checked my profile and my games, everything is still good. Launched a game and it's still me. Just changed my password temporarily to a long ass one.
 
I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".

Name, user name, address, last few digits of CC number, phone number etc is more than enough to social engineer CS of many different services to gain access to more info and accounts. It's an absolutely massive fuck up.

If people aren't worried about these things, go post all that info around the web. I mean, what's the harm in that?
 
The most upsetting part of all of this is the fact that people will forgive Steam after a few weeks.
Weeks? Days is more likely.
Their last failure about half a year ago that let you reset anyone's password got only to 4 pages here, and then promptly forgotten.
 
Are you new to the internet and how social engineering works or just blindly defending your favorite corporation?

No, I just know a lot about identity theft and credit card fraud and that it never affects the consumer on any kind of long term basis. It happens to millions of people a year and they go on just fine with a few bits of paperwork and phone calls as the only real inconvenience.

Companies and the government have largely considered identity theft to be easier and more cost effective to deal with after it happens rather than before.

If it really mattered people's credit reports wouldn't be open to inquiries at anytime and would require a call to lock/unlock or give further verification like most ID theft victims set up with the credit bureaus after they've been victimized.

But there's too much money to be made in offering lines of credit easily and conveniently for the system to change at a base level.
 
Valve is a pathetic company and I will never understand the people here and elsewhere defending them.

What happened to steam can happen to any service, I am not pissed at that. What I am pissed at is after HOURS of it going on there is no official acknowledgement or press release from Valve. That is inexcusable. I see posts like "oh hey it's Christmas, they are probably home" as if Steam is a grocery store you can just close and go. There always have to be people working around the clock to make sure everything is running smooth especially during sale time. Pretty weak how they handled this and people have to get their info from an unofficial twitter account.
 
You mean the one done by the community moderator? I mean it counts, but I wish to hear from Gabe or Steam director or something.

It doesn't count, really. Moderators are not in any way affiliated with Valve itself, as much as many of them pretend to be -- they know nothing more than any of us and are certainly in no position to speak in an official capacity. The grossly inflated sense of self-importance moderators on official forums tend to have is annoying, frankly, such as when Darkspore went down for a few days a couple of years ago and a global mod posted an announcement that the game had been shut down, which was later replaced with an actual official announcement to the contrary by Maxis itself.
 
SteamGuard enabled? 2-step auth? If this could be bypassed this is a serious security issue.
Yep, steam guard enabled, email linked, cell phone linked


I didn't get any notifications that my password had changed. I reset my password but that's all I can do :/
 
hmm, can log in on client and check my account details now but can't log in on site through browser

Myself and at least one other are having the same issue. Hopefully it's just a wrinkle that needs to be ironed out and not the symptom of a larger, persistent problem.
 
I mean what do they think people will do? Email you?

Come to your house? Why? If they wanted to rob someone they don't need a person's address for that. There's no threat or damage to anyone here. Same as the psn "hack".

You could get names, and addresses connected to specific Steam usernames. With a little social engineering, assholes could associate this data to an online persona (GAF, reddit, 4chan username). Some asshole with a personal vendetta would probably do some nasty stuff with this information.
We know people on 4chan were posting captures from the checkout page of multiple Steam users showing all the important info unedited. You underestimate the damage an asshole on the Internet is willing to do for the lulz.
 
Valve is a pathetic company and I will never understand the people here and elsewhere defending them.

What happened to steam can happen to any service, I am not pissed at that. What I am pissed at is after HOURS of it going on there is no official acknowledgement or press release from Valve. That is inexcusable. I see posts like "oh hey it's Christmas, they are probably home" as if Steam is a grocery store you can just close and go. There always have to be people working around the clock to make sure everything is running smooth especially during sale time. Pretty weak how they handled this and people have to get their info from an unofficial twitter account.

What, you've never heard of Valve Time™?
 
Just to be clear I'm not defending steam I'm just saying that compromised information isn't the hassle or nightmare people make it out to be. If someone wanted your address they could probably get it easier ways than hacking steam.

It's a total clusterfuck that shouldn't have happened but I'm just calling for people to be rational and realize that they aren't in any kind of real danger.
 
To you. For a lot of us it isn't.



No, dear. No. That information is personal and therefore should be secure.

"But it's just your name and pho--"

NO.
 
Unlinked Paypal
Changed my Paypal password
Set Steam to offline and logged out

Anything I can/need to do?

Thankfully I only use pre-paid cards on Steam; never linked my regular credit card
 
So I leave my PC on almost always and it's logged in to Steam. What would be the best course of action? Switch to offline mode?
 
No, I just know a lot about identity theft and credit card fraud and that it never affects the consumer on any kind of long term basis. It happens to millions of people a year and they go on just fine with a few bits of paperwork and phone calls as the only real inconvenience.

Companies and the government have largely considered identity theft to be easier and more cost effective to deal with after it happens rather than before.

If it really mattered people's credit reports wouldn't be open to inquiries at anytime and would require a call to lock/unlock or give further verification like most ID theft victims set up with the credit bureaus after they've been victimized.

But there's too much money to be made in offering lines of credit easily and conveniently for the system to change at a base level.

Identity theft doesn't affect people long term?
 