Steam security issue revealed personal info to other users on XMas Day (fixed)

So if the worst thing that could come from this caching issue is having some stranger see your purchase history, account username, and last 4 digits of your credit card, how can anyone buy anything off your account otherwise? Steam Wallet?

I don't want to undermine anyone who got legit hacked in the past few hours but how would that even work? Valve is claiming there's nothing to worry about.

Give me your info... I'll make some calls and coax them out of more info
 
Valve has responsibilities to their customers and users (despite their long commitment to avoiding them), and responding to a serious privacy leak is one of them. "Hey it's Christmas," is not a valid excuse for the sort of business they are in.
 
Odds are it was not Valve, but their cache service / CDN.

From the statement released, it sounds like it was a configuration change by Valve. Additionally, Valve writes the code that deals with caching authorized pages containing PII via something like Varnish. If a CDN made a configuration change that caused something like this, we'd have seen issues with more than just Steam as that change would've rolled out to more than just the servers caching Valve's content.

Yeah. This seems to fall entirely on Valve.

Paypal emails were visible too.

If anyone is using Paypal and is overly worried, it might be time to change the email address paypal is associated with (I assume that is possible), since barring Steam from the purchase option in paypal will not protect other uses.

Valve has responsibilities to their customers and users (despite their long commitment to avoiding them), and responding to a serious privacy leak is one of them. "Hey it's Christmas," is not a valid excuse for the sort of business they are in.

That's assuming Valve do not respond at all. Previously they have responded up to a day after the fact (see earlier post) outlining what happened, why, apologising etc. They still should have responded much quicker and with greater frequency as soon as they re-opened the store. There is no excuse for that when they can talk to bloody Kotaku, of all places.
 
No one's talking about suing. Why are you crapping on people who are worried about their personal information?

A lot of people are saying "I hope they get a big law suit on their hands". I'm not crapping on anyone. Just really don't see the big deal since I'd imagine that there is close to zero chance that this one hour long random event where the possibility that another confused gamer could see your email address would lead to something at all.
 
Don't most companies assume the worst-case scenario in these situations before they can do a full assessment? This is kind of a... strange reaction from Valve.
 
How Valve responded to this serious information leak is appalling to say the least. I have lost any trust I had in Valve keeping my information secure. I fully expect both compensation for the event that took place today, as well as an apology and a transparent email about what happened. Anything less would be a horrible way to care for customers.

Then you might want to start labeling Valve 'horrible', because you won't be getting any of that if history is any indication.
 
I work in a heavily regulated industry. If I ever used "it's Christmas" as an excuse for why an operational risk event was not mitigated on time, the regulators would've laughed me out of the room and I would've been fired.

Luckily for Steam (and unlucky for us), they don't have the OCC and the CFPB vetting everything they do, but for a service that had 125 million active users as of Feb. 2015, you'd think they have better controls/procedures in place than this garbage.
 
Mjöölnir;190443921 said:
So basically people would get the information of a totally random steam user for about an hour and people are going to sue them for it? Meanwhile in the real world...

Corporations are accountable for class action lawsuits when they have a security problem that leads to the leak of private and sensitive information of their customers.

Countries like mine enforce by law the proper handling and protection of that data, because it can lead to identity theft and other serious problems.

You can't get more "real world" than that.
 
You entrust your personal information to these companies with the promise that they will protect it and always keep it between just the two parties.

When it's the company's fault that your information ends up accessible to anyone else, random or otherwise, I'd be pissed. Companies have been sued over smaller things.

Edit: Basically what Relaxed Muscle said.
 
No excuse for zero communication. You run an online, 24 hour service. Someone is always on call for something like this.

No kidding. I'm responsible for a tiny fraction of what Valve is and my staff is on-call right now and would respond to customers having an emergency situation within 30 minutes.
 
If anyone is using Paypal and is overly worried, it might be time to change the email address paypal is associated with (I assume that is possible), since barring Steam from the purchase option in paypal will not protect other uses.
It is, and that probably is the best idea if anyone is concerned about that.
 
Mjöölnir;190444194 said:
A lot of people are saying "I hope they get a big law suit on their hands". I'm not crapping on anyone. Just really don't see the big deal since I'd imagine that there is close to zero chance that this one hour long random event where the possibility that another confused gamer could see your email address would lead to something at all.

It wasn't only email addresses. It was names, personal billing addresses and phone numbers among other information.

That real world enough for you yet?
 
So if the worst thing that could come from this caching issue is having some stranger see your purchase history, account username, and last 4 digits of your credit card, how can anyone buy anything off your account otherwise? Steam Wallet?

I don't want to undermine anyone who got legit hacked in the past few hours but how would that even work? Valve is claiming there's nothing to worry about.

Most people with an understanding of the situation aren't worried about purchases using their Steam accounts. There have been some reports but AFAIK none that are verifiable.

However, username, address, phone number, last four digits of CC, e-mail etc are all incredibly valuable to social engineering. Especially the last four digits of your CC, and especially when that is shown on a page with your username and e-mail. All that is dangerous to have in combination because it can be used to get more information and access to other accounts.
 
So if the worst thing that could come from this caching issue is having some stranger see your purchase history, account username, and last 4 digits of your credit card, how can anyone buy anything off your account otherwise? Steam Wallet?

I don't want to undermine anyone who got legit hacked in the past few hours but how would that even work? Valve is claiming there's nothing to worry about.

They shouldn't be able to buy anything because what people were accessing is cached data, not an open session. What is bad is that somebody could potentially use the personal information that was exposed to cause damage in some other service.
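The mechanism several posters describe (a per-user account page stored by a shared cache and handed to the next visitor) comes down to whether the cache is allowed to store the response at all. The following is an added example, not code from the thread or from Valve: it decides that from response headers alone, following HTTP caching rules (RFC 7234) plus a conservative rule for cookie-bound requests, and contrasts a constructed "leaky" account-page response with one the origin has marked private. The header values and the `request_has_cookie` / `request_has_authorization` flags are assumptions for illustration.

```python
"""Added example (not from the thread): may a shared cache such as Varnish or
a CDN store this response? All header names are expected in lowercase."""


def parse_cache_control(value):
    """'max-age=60, private' -> {'max-age': '60', 'private': None}"""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_store(headers, request_has_cookie=False,
                           request_has_authorization=False):
    """Return (allowed, reason) for a shared cache given the response headers
    and whether the request carried a session cookie / Authorization header."""
    cc = parse_cache_control(headers.get("cache-control", ""))
    explicit_shared = "public" in cc or "s-maxage" in cc
    if "no-store" in cc:
        return False, "no-store forbids any cache"
    if "private" in cc:
        return False, "private forbids shared caches"
    if "set-cookie" in headers and not explicit_shared:
        return False, "response sets a cookie and is not marked public"
    if request_has_authorization and not (explicit_shared or "must-revalidate" in cc):
        return False, "response to an Authorization request (RFC 7234 section 3.2)"
    vary = {v.strip().lower() for v in headers.get("vary", "").split(",") if v.strip()}
    if request_has_cookie and not explicit_shared and "cookie" not in vary:
        # Nothing in the cache key separates this user's copy from the next user's request.
        return False, "cookie-bound page with no private / Vary: Cookie marking"
    return True, "storable"


# Constructed sample responses for an account page served to a logged-in user.
LEAKY_ACCOUNT_PAGE = {"content-type": "text/html", "cache-control": "max-age=300"}
FIXED_ACCOUNT_PAGE = {"content-type": "text/html",
                      "cache-control": "private, no-store", "vary": "Cookie"}
STATIC_ASSET = {"content-type": "image/png", "cache-control": "public, max-age=86400"}

if __name__ == "__main__":
    # A cache configured to ignore cookies sees the leaky page as plain cacheable HTML.
    print("leaky, cookies ignored:", shared_cache_may_store(LEAKY_ACCOUNT_PAGE))
    print("leaky, cookie seen:    ", shared_cache_may_store(LEAKY_ACCOUNT_PAGE, True))
    print("fixed, cookies ignored:", shared_cache_may_store(FIXED_ACCOUNT_PAGE))
    print("static asset:          ", shared_cache_may_store(STATIC_ASSET, True))
```

The point of the two account-page variants is that the origin marking PII pages `private, no-store` protects users even when the cache in front of it is misconfigured to strip cookies; the leaky page only stays safe as long as the cache happens to honour the cookie.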
 
Do correct me if I'm wrong.
What could anyone do with the info there? It doesn't show your full credit card number, just the last numbers. In order to use it you have to know the security code. I don't see address etc. readily accessible from the account page.
So what's the deal?
I mean it is bizarre and discomforting that this happened. But I'm not seeing a reason to hit the panic button.... yet.

Well, someone who may have wished to remain anonymous on their steam profile could've been revealed if someone saw their email address which could contain their name.

I don't think there's much harm to customers from today's fiasco, but it begs the question...if Valve screwed this up, what else are they screwing up that we don't know about?
 
Mjöölnir;190443921 said:
So basically people would get the information of a totally random steam user for about an hour and people are going to sue them for it? Meanwhile in the real world...

Google cached.
It's on the internet forever.
 
How Valve responded to this serious information leak is appalling to say the least. I have lost any trust I had in Valve keeping my information secure. I fully expect both compensation for the event that took place today, as well as an apology and a transparent email about what happened. Anything less would be a horrible way to care for customers.
Why do you want compensation, did you lose something? Do you ask for handouts for everything that happens? Cool your jets.
If they can prove or at least tell us what exactly has happened, I'll put some faith back in their systems. If not, then my business is going elsewhere.
 
Mjöölnir;190444194 said:
A lot of people are saying "I hope they get a big law suit on their hands". I'm not crapping on anyone. Just really don't see the big deal since I'd imagine that there is close to zero chance that this one hour long random event where the possibility that another confused gamer could see your email address would lead to something at all.

I still can see the account of someone else using Google's cache.
 
Mjöölnir;190443921 said:
So basically people would get the information of a totally random steam user for about an hour and people are going to sue them for it? Meanwhile in the real world...

Yeah, in the real world, identity theft is a thing.

Valve's about to get a few class action lawsuits from the people whose personal information was exposed and they deserve nothing less. Hopefully it gets them to create some sort of culture of accountability.
 
The Gaf corporate defence force may not be the worst defence force on Gaf, but it never fails to rile me up. Could you stop defending massive corporations leaking personal information? I don't think that it takes a modicum of intelligence to understand why people might be upset over this.
 
However, username, address, phone number, last four digits of CC, e-mail etc are all incredibly valuable to social engineering. Especially the last four digits of your CC, and especially when that is shown on a page with your username and e-mail. All that is dangerous to have in combination because it can be used to get more information and access to other accounts.

People need to understand this. Most of the PII leaks that have come out in the past year that I can recall didn't have CC digits, which makes this issue far more frightening.

I still can see the account of someone else using Google's cache.
That poor, poor soul. I seriously can't imagine what they're thinking right now, if they know at all.
 
Why do you want compensation, did you lose something? Do you ask for handouts for everything that happens? Cool your jets.
If they can prove or at least tell us what exactly has happened, I'll put some faith back in their systems. If not, then my business is going elsewhere.

Potentially his private information?
 
I feel like people are really underestimating the amount of social engineering you can do with what this breach may have provided

You could probably try and gain access to either people's Steam accounts or their other accounts using this info just by talking to a CS rep or putting through a "lost access to email" help request.
 
Mjöölnir;190444194 said:
A lot of people are saying "I hope they get a big law suit on their hands". I'm not crapping on anyone. Just really don't see the big deal since I'd imagine that there is close to zero chance that this one hour long random event where the possibility that another confused gamer could see your email address would lead to something at all.

What's the percentage of valve users who would copy and try to monetize random people's credit cards and personal info. I would think it's relatively high.
 
Why do you want compensation, did you lose something? Do you ask for handouts for everything that happens? Cool your jets.
If they can prove or at least tell us what exactly has happened, I'll put some faith back in their systems. If not, then my business is going elsewhere.

Handouts? Are we using political dog whistle language to defend the leak of private information now?
 
I feel like people are really underestimating the amount of social engineering you can do with what this breach may have provided

You could probably try and gain access to either people's Steam accounts or their other accounts using this info just by talking to a CS rep or putting through a "lost access to email" help request.
You might be able to gain access to a person's bank account if the rep who answers is stupid enough. You might need to find the person's birthday though, possibly available on facebook since you know the full name.
This is unlikely to happen since the whole thing was random, but still possible.
 
I'm fairly certain I've gotten my bank account number and routing number on phone support with the same amount of information that was exposed to internet strangers today.
 
The last thing we'd want to happen in this situation is for Valve to look bad. I really appreciate the wall-of-text from posters telling the rest of us to calm down. The regurgitation that "it's just a caching issue" even though that's not at all how caching works is very helpful at keeping everyone calm. Lastly, thanks to each user who reminded us of when other online services were hacked. Understanding the full context of the history of account hacks helps those of us with possible personal info compromised to keep it all in perspective.
 
Handouts? Are we using political dog whistle language to defend the leak of private information now?
Political dog whistle? Don't bring that nonsense in here.

It's like asking for handouts on the street when you're not homeless. There's a problem, but YOU aren't affected in any way personally. You lost nothing.
 
I mean I use Steam Guard so have fun trying to get into my Email
Do you use a Hotmail/Live/Outlook email? Because if so, and you have it connected to Xbox Live with payment info, someone could feasibly use the fact that they now know your full name, full address, and last 4 numbers of your CC in order to convince MS's customer service that you have lost access to the account but you can prove it's you by giving them all that info, then get access to your Steam once they have your email.

Not saying it will happen as I doubt most of the people who even saw this glitch would do or even try anything like that but it's possible, which is what some people are so worried about (and fair enough).
 
I checked in a different browser and login doesn't work there, either. Just goes back to the store page or community page, whichever one I used to click on a login button.

Hopefully they fix this, too, though I'm confused why that's an issue while most of us can login with the client.

Self-update: just tried now and I'm logged into the store via Firefox. Had to login again when I went to community, but now it's okay there as well.
 
Potentially. I'm sure mine is out there too, but asking for freebies if I'm doing just fine seems a little... Disingenuous.

I mean they fucked up. The info should've been private and not visible to anyone. Even having to deal with this thing on Christmas Day is bad enough, but for a significant amount of time people didn't even know if their credit cards were compromised. You even have people in this thread who canceled their debit cards. It shouldn't have happened at all, and in this case compensation is a sign of good faith.
 
That reminds me. After 9/11 we were given actions to follow in case of catastrophic emergencies. It was written that in the case of a bomb threat the employees would have to check their own work area because they are the person most familiar with the layout and how everything is supposed to look.

Well, if anyone had asked me to check if there was a bomb under my desk I would have walked out. Sorry, not feeling well.
 