Steam security issue revealed personal info to other users on XMas Day (fixed)

Changed Steam password and email because why not. Ought to help keep that account safer from social engineering at least.
So did Steam automatically delete all saved CC information or did someone have access to my account and remove it?
Yeah I'm also wondering about this. Why did this happen and did it happen to everyone? If Valve did remove it, why?

I managed to get to my own account while shit was fucked up and tried deleting my payment details. But nothing seemed to happen, it just reloaded the page with someone else's account info. Which would appear to corroborate Valve claiming it was not possible to change anything.
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?

Autism is not a negative thing. It's not something you can use to insult people with. I have an autistic family member and they have to deal with so much crap because of the way their brain works.
 
Still no comment from Valve and more things are happening again?

I'm getting the impression Valve is still looking into exactly what happened and how. And if things are happening again, well....that says a lot.
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?

There's a difference between having a problem with the language used in your post versus defending Valve in this security breach.

I'm not OK with Valve's behavior here, but I also think your post was insulting and in poor taste. No need to conflate the two.
 
Valve said:
This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.

Fuck you, Valve. You gave away personal information of countless people.

I have two friends. One has a lot of crazy people that would take an easy swipe if they could get at them, and this exposed this information to those people. Another friend is a survivor of domestic abuse and has spent the last day shaking and near tears because this set off flashbacks. Their abusers could have easily gotten their new address.

There needs to be some HARD fucking legislation and punishment over this shit. People, especially women, can't even enjoy playing fucking videogames because Valve seems to think spewing private information all over the web is just an "issue" that was resolved, when they're KEENLY aware there are massive, organized groups that are not only trying to break in to dox and stalk and attempt to harm people, but have successfully done so already with other services, and you just gave them info on a silver platter. It was only a slight bit of luck that the nature of the screw up didn't allow people to be targeted specifically, but it's also really bad that due to the nature of the fuck up, we don't even know who accessed what information.

This bug should have been live for all of five minutes at most, at which point they should have taken every Steam server offline, and called up all their edge providers and killed entire server racks with quickness.
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?

Autism isn't funny nor should it be an insult. You have no idea how much autism affects families.

No one cares that you're bashing Steam but do so without being a complete ass.
 
here's the question: is your CC still attached to your account?
Mine's gone. And can't add one. I think valve "shut it down."

yeah it is, i'm just gonna delete it off of there for safe measure.

i wanted to pick up some games from the sale, but i guess that's not happening.

i wonder if they'll extend the sale due to this? actually, no, I know they won't.
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?

Wtf man. Why drag autism into this, especially as an insult? Do you really not understand why that's not an ok thing to do?

Oh well.
 
I think that sounds like someone deleted it for you.

They couldn't. I tried to delete one guy's CC info whose profile was showing up for me so no one could charge him. Every time I clicked the button I got moved to another profile. I still could easily go back to the previous guy though. It was always still there.

It was people at Valve that removed them in the end, that I'm sure of. My own was gone as well.
 
Really it's not that serious and I don't get why people are freaking out over this. As I posted before whether you realize it or not your full name, address, phone number, and email address are freely available online if you know where to look. The main alarming thing is any part of the credit card being available.

That being said it's a risk you are accepting by opting to save your payment information on retailers' servers. I have been a part of many sites that have been breached, and at this point you need to realize it's not if but when this will happen to you.

As a Steam user since it was in beta in 2004 and have over 700 games in my library this won't affect my use of the service one bit.
 
Still no comment from Valve and more things are happening again?

I'm getting the impression Valve is still looking into exactly what happened and how. And if things are happening again, well....that says a lot.

What issues are happening now? I haven't been keeping up with it today but I thought everything was fixed (Though with very little Valve communication) yesterday.
 
Really it's not that serious and I don't get why people are freaking out over this. As I posted before whether you realize it or not your full name, address, phone number, and email address are freely available online if you know where to look. The main alarming thing is any part of the credit card being available.

That being said it's a risk you are accepting by opting to save your payment information on retailers' servers. I have been a part of many sites that have been breached, and at this point you need to realize it's not if but when this will happen to you.

As a Steam user since it was in beta in 2004 and have over 700 games in my library this won't affect my use of the service one bit.
I think the outrage is less that it happened, but rather Valve's utter lack of a response or update on what happened, why and how it happened, etc. No urgent emails or alerts were sent that this happened to their customers.

A private email reply to a site doesn't count as a public response on the matter
 
Fuck you, Valve. You gave away personal information of countless people.

I have two friends. One has a lot of crazy people that would take an easy swipe if they could get at them, and this exposed this information to those people. Another friend is a survivor of domestic abuse and has spent the last day shaking and near tears because this set off flashbacks. Their abusers could have easily gotten their new address.

There needs to be some HARD fucking legislation and punishment over this shit. People, especially women, can't even enjoy playing fucking videogames because Valve seems to think spewing private information all over the web is just an "issue" that was resolved, when they're KEENLY aware there are massive, organized groups that are not only trying to break in to dox and stalk and attempt to harm people, but have successfully done so already with other services, and you just gave them info on a silver platter. It was only a slight bit of luck that the nature of the screw up didn't allow people to be targeted specifically, but it's also really bad that due to the nature of the fuck up, we don't even know who accessed what information.

This bug should have been live for all of five minutes at most, at which point they should have taken every Steam server offline, and called up all their edge providers and killed entire server racks with quickness.

If their information was that sensitive why save it in an online service when data breaches are an every day occurrence?
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?

Nah, I was taken aback by the "arrogant autistic programmers" part too. If you'd just called it a "tone deaf statement" from the beginning I'd be 100% in agreement.
 
Wow I'm looking at someone else's account page right now.
Seriously what the fuck Valve.

Really it's not that serious and I don't get why people are freaking out over this. As I posted before whether you realize it or not your full name, address, phone number, and email address are freely available online if you know where to look. The main alarming thing is any part of the credit card being available.

That being said it's a risk you are accepting by opting to save your payment information on retailers' servers. I have been a part of many sites that have been breached, and at this point you need to realize it's not if but when this will happen to you.

As a Steam user since it was in beta in 2004 and have over 700 games in my library this won't affect my use of the service one bit.

lol. Statements like those are unfathomable to me. Have some people become so numb that having your data compromised is just accepted as normal these days?

Now it even seems Valve is deleting CC data from user profiles behind their backs and without notifying the users

This is a data protection disaster. Nothing less.

If their information was that sensitive why save it in an online service when data breaches are an every day occurrence?
Yay, we now arrived at the victim blaming stage!

It was Valve's responsibility to protect the data of their customers / platform users. They fucked up big time. They are to blame. Period.
 
Really it's not that serious and I don't get why people are freaking out over this. As I posted before whether you realize it or not your full name, address, phone number, and email address are freely available online if you know where to look. The main alarming thing is any part of the credit card being available.

That being said it's a risk you are accepting by opting to save your payment information on retailers' servers. I have been a part of many sites that have been breached, and at this point you need to realize it's not if but when this will happen to you.

As a Steam user since it was in beta in 2004 and have over 700 games in my library this won't affect my use of the service one bit.

oh for fuck's sake, a company letting out all that information on the back of an avoidable config change is a big deal

they shouldn't be letting out any PII, no matter if it's already whizzing around the internet or not...that means any information at all that they are trusted to keep secure and that includes your email address and billing address and telephone number

stop apologising and making excuses for shitty business practices
 
Really it's not that serious and I don't get why people are freaking out over this. As I posted before whether you realize it or not your full name, address, phone number, and email address are freely available online if you know where to look. The main alarming thing is any part of the credit card being available.

Bullshit.

Unless you've been a victim of a previous leak in some capacity, there's no reason to believe this information is publicly available to the extent that it was available on Steam.

There's also no conclusive information as to how much information was available, nor what actions were potentially possible on accounts. So until we know for certain, assuming the worst is the only logical action.

That being said it's a risk you are accepting by opting to save your payment information on retailers' servers. I have been a part of many sites that have been breached, and at this point you need to realize it's not if but when this will happen to you.

Absolutely. Everyone must practice constant vigilance. Internet security is important and every breach is a good occasion to educate users on best practices.

That's no excuse for telling people this isn't a big deal.

As a Steam user since it was in beta in 2004 and have over 700 games in my library this won't affect my use of the service one bit.

Congratulations. While you're busy over there patting your own back for not giving a shit about a severe data breach to unencrypted user information, we'll be over here actually discussing the consequences of this event with the severity it deserves.
 
Really it's not that serious and I don't get why people are freaking out over this. As I posted before whether you realize it or not your full name, address, phone number, and email address are freely available online if you know where to look.

So you want to tell us your full name, address, mail and phone number right now? You say it's no big deal.
 
My payment info was still there when I went to buy stuff this morning. I didn't even think to check it when I went to buy DariusBurst, but it still had the auto payment stuff.
Oh wait, is shit going down AGAIN?
No. But the community servers are down, so maybe they are changing a few things.
 
If their information was that sensitive why save it in an online service when data breaches are an every day occurrence?

OK. Please write here:

full name
billing address (street, number, city, etc)
phone number
email address
login name (not screen name)
last digits of your credit card.

It's no big deal, the info is out there already, right? I'll be waiting.
 
I have never once, nor seen anyone else following best practices, allow personal information or payment handling pages ever enter the cache.

Valve did.
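
The practice this post refers to, as an added example that is not part of the thread: a small audit that flags session-specific pages whose response headers would let a shared cache (CDN or reverse proxy) store one user's copy and serve it to another. The paths, headers and the `session` flag are constructed for illustration, and the storage rule is a simplification of standard HTTP caching behaviour.

```python
# Added example (not from the thread). Paths and headers are constructed.

def parse_cache_control(value):
    """Return {directive: argument-or-None}, directive names lowercased."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_may_store(headers):
    """Simplified storage rule for a shared cache (CDN, reverse proxy).

    A 200 response is storable unless it says `no-store` or `private`;
    with no Cache-Control at all, a cache may still apply a heuristic or
    configured default lifetime.
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    return not ("no-store" in cc or "private" in cc)

def keyed_by_cookie(headers):
    """True if Vary lists Cookie, so a cache honouring Vary keeps per-session copies."""
    h = {k.lower(): v for k, v in headers.items()}
    return "cookie" in [v.strip().lower() for v in h.get("vary", "").split(",")]

def audit(responses):
    """Return paths of session-specific pages that one user's cached copy could be served from."""
    return [
        r["path"] for r in responses
        if r["session"]
        and shared_cache_may_store(r["headers"])
        and not keyed_by_cookie(r["headers"])
    ]

# Constructed sample: (hypothetical) store pages and the headers they return.
SAMPLE = [
    {"path": "/account/", "session": True, "headers": {"Cache-Control": "max-age=300"}},
    {"path": "/account/billing", "session": True, "headers": {"Cache-Control": "private, no-store"}},
    {"path": "/static/app.css", "session": False, "headers": {"Cache-Control": "public, max-age=86400"}},
    {"path": "/checkout", "session": True, "headers": {}},
    {"path": "/cart", "session": True, "headers": {"Cache-Control": "max-age=60", "Vary": "Cookie"}},
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("personalised page storable by a shared cache:", path)
```

Pages carrying personal or payment data should come back with `Cache-Control: private, no-store`, and the cache layer itself should be configured not to override that.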
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?
If you like being an active member of a forum, you might think about recognizing if said forum is touchy or not about certain kinds of terms that are or could be used in a pejorative manner. Your 'keeping it real' might cost you access for something that isn't worth defending.
 
We actually do though, there is no way to just pick any account you'd like to see with a caching error like this.

How do you know this? Anecdotal evidence?

We don't know how bad this breach was. We don't know if people were taking advantage of it. Valve's response wasn't even factually accurate, so we can't even be sure they have solved the problem yet.
 
Holy shit. A friend told me about this last night, but he believed someone had hacked Steam or something. So it was a problem on Valve's end? If so, could it happen again someday? Scary.
 
Damn it I hope this isn't going again, I just changed my phone number to be up to date for two step...

At least this time my card was removed and I haven't added anything back.
 
na I'm fine I stand by my post, do as you will

I suppose you are alright with their tone deaf statement about the outage, nothing happened, Why even apologise?

I think you're missing the point. It's the autism part, not so much calling them arrogant or calling Valve out or anything like that.
 