Steam security issue revealed personal info to other users on XMas Day (fixed)

I think Wells Fargo is aware of something relating to Steam transactions now, as I just got an automated call from their fraud prevention service inquiring if the Steam purchases I made last night (gifts for my friends for Christmas) were legitimate. I've gotten such calls before when I had slightly unusual purchasing activity on my account, but they generally arrive immediately, or as soon as business hours start back up (e.g. I bought a bunch of stuff the day I moved in the evening, they called me at ~8AM the next day).

It's strange to get a call like that almost 24 hours after I made the original transactions, and for something that isn't out of the ordinary on my account; this isn't close to the first time I've had multiple Steam transactions in under 24 hours, even in the past year. I haven't logged into Steam since last night and there's no unfamiliar transactions on my bank account, so I'm guessing this is just my bank performing its due diligence.
 
but for a security or data breach, communication is absolutely paramount


I disagree.

Yes, I get that people are freaking the hell out (for perfectly good reasons) and they want Valve to give them some reassurance that they are working on it.

However, keeping it low profile until they know they got this fixed and double checked to make sure it is, is still preferable to them running instantly to Twitter to shout over the rooftops: HEY GUYS? THERE IS A GIANT ISSUE RIGHT NOW WITH EVERYONE BEING ABLE TO LOOK AT EVERYONE'S ACCOUNT AND PRIVATE INFORMATION. WE ARE CURRENTLY LOOKING INTO IT!
PLEASE DON'T BE A DICK AND ABUSE THIS OK.
 
No, just your password and billing address and CC number.

And nothing came of it. Here's a situation where people's profiles were literally showing up on other people's phones/PCs. You could literally have spent the money in their accounts, and fucked with their profiles. I've got almost 200 games, and I'll be furious if I lose anything, not to mention the money sitting in my account.

This is some serious shit, and now we'll see how "Lord Gaben" handles it.
 
In my opinion they handled that as best as they could. They fixed the issue and informed users in a very timely manner, and all the hacked accounts were restored. The hackers couldn't even get CC numbers because that all gets cleared when a password reset happens, which is a good security practice implemented before the flaw was introduced. They didn't go silent and then tell users two weeks later that their personal information is in the hand of hackers, which is exactly what Sony did.

Good security isn't never getting hacked, it's how you respond when it happens. And as of right now I'd still trust Valve over Sony in that regard.

They didn't get hacked, they left themselves wholly exposed twice in one year and responded poorly both times. That's not a "nobody is immune to hacks" situation. They are quickly becoming the Barney Fife of internet security.
 
It has been proven by people on GAF and elsewhere that they were charged through Paypal

I don't remember there being any concrete proof. All I saw were random screenshots which could easily have been doctored up. Not saying it didn't happen, but if it did, it wasn't widespread otherwise there would be noise everywhere and probably another thread here dedicated to just that.

Not trying to downplay this...but there are many internet people around who thrive on creating hysteria.
 
What a cluster. I guess nobody wanted to volunteer to be in the security cabal. Valve really has been losing esteem in my eyes of late.
 
I disagree.

Yes, I get that people are freaking the hell out (for perfectly good reasons) and they want Valve to give them some reassurance that they are working on it.

However, keeping it low profile until they know they got this fixed and double checked to make sure it is, is still preferable to them running instantly to Twitter to shout over the rooftops: HEY GUYS? THERE IS A GIANT ISSUE RIGHT NOW WITH EVERYONE BEING ABLE TO LOOK AT EVERYONE'S ACCOUNT AND PRIVATE INFORMATION. WE ARE CURRENTLY LOOKING INTO IT!
PLEASE DON'T BE A DICK AND ABUSE THIS OK.

They should have pulled the plug on the servers immediately. There was no excuse for leaving them online for any length of time with such a pressing problem.
 
no idea if this is real or not but

https://www.facebook.com/fred.harbison.9

Hello. We apologize for Xbox, Playstation, and the Steam networks being down. This was a coordinated strike by Lulzsec, Lizard Squad, and Shadowsec. While Anonymous was not responsible directly to this event, there were members of our collective that participated against directives. For this we apologize. We however, do not apologize for the lack of commitment by the server owning entities of Microsoft, Sony, and Steam. They do not care for their customers and as a result, their systems are down.
~Mister Grey~
 
What's the chance of Valve releasing an official statement? Have they done it in the past?

I think this has blown up too much to be ignored, and yes (which was followed a few months later with an update), although I believe the statements should have been sent via e-mail as well as published via Steam itself.
 
I had a $50 steam wallet credit from a gift card.

I'm afraid to even check. >.>


How Valve responds to this will definitely affect if I continue to use Steam in the future.

If you didn't get any emails about purchases, there probably wasn't any damage done at all. Unless someone totally hijacked your account, which is pretty unlikely.
 
The way the credit card system works is really stupid; nobody but Visa (or other CC holders) should have my info, every store should just contact them for the y / n regarding whether I can pay.

We live just waiting until one of the stores that have all our info is hacked or, in this case, makes a very stupid mistake and exposes all our info.

Honestly governments should just legislate about this.
 
Haven't logged into steam for a few months, and my credit card info on there is expired.

Hopefully they fix this soon as I am looking to boot into the old account soon.
 
And nothing came of it. Here's a situation where people's profiles were literally showing up on other people's phones/PCs. You could literally have spent the money in their accounts, and fucked with their profiles. I've got almost 200 games, and I'll be furious if I lose anything, not to mention the money sitting in my account.

This is some serious shit, and now we'll see how "Lord Gaben" handles it.

Still no proof you could do anything more than seeing email, history of purchases and, in some cases, address and phone number. Until proven otherwise, CC info and password were secured, info could not be modified and purchases could not be made.
 
Still no proof you could do anything more than seeing email, history of purchases and, in some cases, address and phone number. Until proven otherwise, CC info and password were secured, info could not be modified and purchases could not be made.
Purchases were made unless the guy from IGN is a liar.
 
I think the biggest issue (other than the possibility of personal information being viewed by a nefarious party) is that Valve have done fuck all to communicate what is going on

Yep, this is beyond bush league. The most basic responsibility of a service-based company is to announce that something has happened, share any confirmed info, and shut down service until it can be verified to be safe. Valve has done none of that.

I hope people who praise Valve's management structure take a good look at this situation. Every part of this fiasco -- the half-assed DDoS mitigation, the apparent untested launch of code with a massive security hole, and the complete silence to their customer base -- is a direct result of an organizational culture with no leadership, no responsibility, and no employees who are expected to do difficult or unpleasant work.
 