Steam security issue revealed personal info to other users on XMas Day (fixed)


In your billing info form it's a full phone number, but on account details page it's just last 4 digits.

If they hire people to do a specific job, their corporate culture would apparently be destroyed, and they value that more than the benefits of having people for the important, not fun jobs that creative people don't want to deal with.

Apparently they also value it more than a good relationship with customers. It still boggles my mind that the biggest gaming platform on PC, with over 125 million active users, still doesn't have proper support.
 
Are people still predicting the collapse of the steam empire?

Not gonna happen, folks. GAF isn't indicative at all of the general game buying population. We've seen this time and time again.

Steam and Valve will be 100% fine, and their near-silence on the issue is absolutely the correct move on their part.

I hardly use Steam and don't really care either way, but the idea that this is going to kill them seems far-fetched.
 
Do people really have their addresses on their account information page? I didn't have a credit card attached, so the most I have is the last four digits of my phone and my email. Non-US thing perhaps?
 
It's good Valve managed to put out a confirmation of sorts within the space of a few hours after the incident, but people who wanted Valve to respond even quicker don't realise how long it takes to counter these kinds of problems and to figure out the correct response to it. I hope they can figure out a list of usernames that were jumbled during the mess along with the promise of credit protection for them.
 
Are people still predicting the collapse of the steam empire?

Not gonna happen, folks. GAF isn't indicative at all of the general game buying population. We've seen this time and time again.

Steam and Valve will be 100% fine, and their near-silence on the issue is absolutely the correct move on their part.

I hardly use Steam and don't really care either way, but the idea that this is going to kill them seems far-fetched.
Who is saying this?

And no, their silence is absolutely the wrong thing to do.

This was a bad thought to share.
 
Do people really have their addresses on their account information page? I didn't have a credit card attached, so the most I have is the last four digits of my phone and my email. Non-US thing perhaps?

On the account details page it would have been last 2 digits of debit/credit card

Going into checkout or clicking to "edit" the card info would take you to another screen that had your card's billing address on
 
It's good Valve managed to put out a confirmation of sorts within the space of a few hours after the incident, but people who wanted Valve to respond even quicker don't realise how long it takes to counter these kinds of problems and to figure out the correct response to it. I hope they can figure out a list of usernames that were jumbled during the mess along with the promise of credit protection for them.
Their confirmation was useless, didn't include an apology and very likely might have included false information.

Yeah it's good alright.
 
I'm not even sure why they're trying to cover Valve's ass, but it's pretty grim reading this and seeing all the "

https://www.reddit.com/r/Steam/comments/3ya734/lets_try_to_stop_some_of_this_misinformation/

r/Steam said:
Why did Valve take 12+ Hours to put a statement?
It's Christmas. A huge proportion of office workers switch off for the holiday season and are not contactable.


The people who are working in the Valve offices at the moment are likely just IT and Customer Support. Valve will have a dedicated Brand/PR team who deal with statements for things like this. In this circumstance there was the opportunity to get it very wrong and say it was fixed before it was and to say nothing was breached, when it was.

Internally, I imagine that the IT teams were working to fix the issue and there were a large number of emails which got sent from IT to Executives and Brand/PR with updates (usually met with an Out-of-office email). Contact on Christmas day would have been hard and you don't wanna call your boss on holiday unless it is the end of the world.

This situation does highlight, however, the fact that Valve did not communicate the problems they were having and it took SteamDB or /r/steam to send information about best practices. We should have been getting this information from an official Twitter account. Valve heavily underutilises their Twitter presence - which is one learning that I would be taking from this.

So much misinformation in their post about there being too much misinformation. Welp.

Contact on Christmas day would have been hard and you don't wanna call your boss on holiday unless it is the end of the world

Hi Gaben, sorry to disturb you but a lot of our users are reporting that personal information is visible. I know this isn't the end of the world tktktk...
 
I don't think people understand how bad this was and how much information was exposed.

They don't. Furthermore, many still don't understand the potential ramifications of this.

This has the potential to be extremely damaging and quite honestly is a treasure trove of information for anyone wishing to commit identity theft. The fact that it's still widely available via Google is just another kick in the ass.

Email addresses, billing addresses, phone numbers and last 4 digits of CC is enough to hijack accounts.

That was all readily available for the world to see.
 
Who is saying this?
And no, their silence is absolutely the wrong thing to do.
This was a bad thought to share.
It's the right thing to do from valve's damage control perspective.
Most users don't even know it happened. Valve just want this to blow over and be forgotten. And I think they will succeed in this.
Their previous security fuck up that let you reset anyone's password only got to 4 pages here, and it looks like most people don't even know it happened.
 
Are people still predicting the collapse of the steam empire?

Not gonna happen, folks. GAF isn't indicative at all of the general game buying population. We've seen this time and time again.

Steam and Valve will be 100% fine, and their near-silence on the issue is absolutely the correct move on their part.

I hardly use Steam and don't really care either way, but the idea that this is going to kill them seems far-fetched.

It's hard to predict how the public reacts to data breaches. Target and Sony likely felt the sting of their respective breaches for years. No, the Valve empire will not fall, but consequences can and will occur when these sorts of breaches happen. Hell, consequences occur even when the company itself is not at fault (Target's hack was actually through a third party vendor in their stores). Here, Valve is 100% responsible.

Valve's silence on the issue is the highest of all incompetence. There is nothing to be gained and everything to be lost by their users. Their non-statement was incorrect which only just decreases trust in Valve's capability to handle this.

It's like a child potentially poisoning his parents, but refusing to tell them what he used.

There is utterly no excuse for Valve considering how much money they make from Steam in a single day.
 
It's hard to predict how the public reacts to data breaches. Target and Sony likely felt the sting of their respective breaches for years. No, the Valve empire will not fall, but consequences can and will occur when these sorts of breaches happen. Hell, consequences occur even when the company itself is not at fault (Target's hack was actually through a third party vendor in their stores). Here, Valve is 100% responsible.

Valve's silence on the issue is the highest of all incompetence. There is nothing to be gained and everything to be lost by their users. Their non-statement was incorrect which only just decreases trust in Valve's capability to handle this.

It's like a child potentially poisoning his parents, but refusing to tell them what he used.

There is utterly no excuse for Valve considering how much money they make from Steam in a single day.

I agree with pretty much all of this, but I still believe it was in their best interest to keep their mouths shut. Certainly, as I said, scumbaggish to the highest degree.
 
It's good Valve managed to put out a confirmation of sorts within the space of a few hours after the incident, but people who wanted Valve to respond even quicker don't realise how long it takes to counter these kinds of problems and to figure out the correct response to it. I hope they can figure out a list of usernames that were jumbled during the mess along with the promise of credit protection for them.

I think people were just looking for an interim, "We're aware of and apologize for this issue. We are working to resolve it as quickly as possible."

Something like servers being down or just being unable to log in is one thing, but an hour or so of users randomly seeing personal, sensitive information of other users is much more urgent.
 
I agree with pretty much all of this, but I still believe it was in their best interest to keep their mouths shut. Certainly, as I said, scumbaggish to the highest degree.

I don't think they are keeping their mouths closed on purpose. If they were, it would be a very nasty gamble they're taking - that news of the damage caused by their breach will never reach the ears of most consumers, or that the damage itself is minimal.

I don't think that's a gamble Valve is stupid enough to take. I'm chalking it up to incompetence and lack of manpower.

It would be nice if Valve would act like an actual, reputable company for once in their goddamn existence, just this once. I'm alright with floofy, aloof companies that make video games exclusively, but as a service provider/platform holder with my information, it's just not acceptable.
 
One good thing came out of this: I never saved card info on Steam, but I've gone to Amazon and other places where I shop and have deleted all of my saved card info. I would encourage others to use this as a lesson and do the same. :)

At least Steam gives you the option of saving cc info at checkout.
Amazon doesn't give you that option, you have to go into your account settings and remove your card info manually after every purchase.
 
The fact this disappeared from the front page is hilarious. If this was any other service than Lord gaben's it would be pitchforks big time. Can you imagine if it was origin or uplay?

The leeway that steam gets is insane!

I posted the exact same comment on the Steam reddit and a mod deleted it, so yeah.
 
The fact this disappeared from the front page is hilarious. If this was any other service than Lord gaben's it would be pitchforks big time. Can you imagine if it was origin or uplay?

The leeway that steam gets is insane!

Yeah they're apparently just getting away with this, brushing it off as if it was nothing.
 
I think putting in your phone number for 2-way verification and/or for emergency recovery is worth it. Worst-case scenario, you deal with some prank. But you have an extra method to recover your account.

Yes, I think I will put my phone number in there just in case.
 
It's good Valve managed to put out a confirmation of sorts within the space of a few hours after the incident, but people who wanted Valve to respond even quicker don't realise how long it takes to counter these kinds of problems and to figure out the correct response to it. I hope they can figure out a list of usernames that were jumbled during the mess along with the promise of credit protection for them.

Any official information about what's going on during the situation, along with the "we're working on this" statement, would be a good thing. Instead people were entering Steam (it's Christmas, sales times) and saw pages in a foreign language, saw someone else's login and avatar in the upper right corner, could see someone else's wishlists and billing info and had no idea what the hell was going on. Is it something with Steam? Was their account hacked? Should they worry about it? For over an hour there was no official info (not everyone browses GAF, knows about the SteamDB Twitter account or checks the Steam message board - and even those were unofficial sources and we didn't know how certain that information was).
 
Surely having users' personal info including names/email/number portions puts Valve in an actionable position? How in the heck can you brush the fact random folks could associate your name and email under the rug?

That Reddit thread...the emotional connection some folks have to their mega-company of choice is not to be scoffed at. Get it together, steam fanboys.
 
Surely having users' personal info including names/email/number portions puts Valve in an actionable position? How in the heck can you brush the fact random folks could associate your name and email under the rug?

That Reddit thread...the emotional connection some folks have to their mega-company of choice is not to be scoffed at. Get it together, steam fanboys.
I don't know about the USA, but I am fairly sure that at least EU laws have something to say about this.
 
Holy jesus Reddit is going insane over this. It's apparently the end of Valve and Gaben.

It's better than that stickied thread at the top of r/Steam, which is the most ridiculous "everything is just fine" interpretation of events I've seen yet.

I'd rather people go apeshit for a while. Assume the worst. Let everyone know how badly Valve fucked this up.
 
Holy jesus Reddit is going insane over this. It's apparently the end of Valve and Gaben.
They may be going too crazy (haven't been on Reddit today to see myself), but hopefully in their craze they spread the word about Valve and damage their reputation. They deserve a black eye for this. Were it anyone else, Origin, Sony, MS, etc, people would likely be losing their damn minds.
 
It probably is.

That or they will shut down Steam.

It isn't and they won't. Just like PSN hacking and the resulting 23-day outage from 2011 didn't end Sony or PlayStation consoles. Those 125 million users with their game catalogues won't suddenly abandon Steam, especially since there really isn't any other better alternative.
 
Holy jesus Reddit is going insane over this. It's apparently the end of Valve and Gaben.

Nah, it's not, but people will wake up and see Steam as just another company, not some mystical savior.

Hopefully it will encourage the growth of alternate stores. Myself, I've been buying from GOG when I can for about 2 years; having options is a good thing.
 