Steam database hacked

Post » Thu Dec 08, 2011 8:29 pm

My toolbar must be blocking it. Can someone link me there?

You have to open the Steam software it's not available on the browser.
JD FROM HELL
 
Posts: 3473
Joined: Thu Aug 24, 2006 1:54 am

Post » Fri Dec 09, 2011 3:26 am

Alright. I thought it was on the site itself.
lilmissparty
 
Posts: 3469
Joined: Sun Jul 23, 2006 7:51 pm

Post » Thu Dec 08, 2011 5:29 pm

Should also show up when you right click the icon in your taskbar
Mrs shelly Sugarplum
 
Posts: 3440
Joined: Thu Jun 15, 2006 2:16 am

Post » Thu Dec 08, 2011 7:26 pm

Changed. I also deleted my debit card info.
Austin Suggs
 
Posts: 3358
Joined: Sun Oct 07, 2007 5:35 pm

Post » Thu Dec 08, 2011 2:03 pm

Thankfully, I got a new credit card since the last time I bought a game on Steam, so I won't have to worry about that. The only thing that was really at risk was an old e-mail I don't care about that I was using for my SPUF account, which I have now generated a new password for (thank you KeePass), and have also done so with my Steam account, just in case.
Enie van Bied
 
Posts: 3350
Joined: Sun Apr 22, 2007 11:47 pm

Post » Thu Dec 08, 2011 8:21 pm

New password :verymad:
michael flanigan
 
Posts: 3449
Joined: Thu Jun 14, 2007 2:33 pm

Post » Thu Dec 08, 2011 7:18 pm

Anyone else having problems logging into Steam? I changed my password before I left work, and now it won't let me log in. I've tried resetting my password repeatedly, but it WON'T WORK!

EDIT: Curse me, typing it in wrong many times.
Lil Miss
 
Posts: 3373
Joined: Thu Nov 23, 2006 12:57 pm

Post » Thu Dec 08, 2011 2:27 pm

/\ Nope.

I changed my password even though I'm not too concerned. Better safe than sorry, seeing I just got Skyrim and all.
dav
 
Posts: 3338
Joined: Mon Jul 30, 2007 3:46 pm

Post » Thu Dec 08, 2011 7:35 pm

No just very angry right now and your condescending posts are not helping (as much as you would like to think they are).

Sorry if you took my post as condescending. That's not how it was intended. Just pointing out that there's no need to have a heart attack about the data that was acquired. It's annoying, yes, but the data doesn't have much immediate scam value. If you change your password it's unlikely anything bad will happen to you. Again, though, if you want to rage on people and be upset that's your prerogative. Just try not to freak people out too much. :shrug:
Patrick Gordon
 
Posts: 3366
Joined: Thu May 31, 2007 5:38 am

Post » Fri Dec 09, 2011 1:18 am

I'd like to thank whoever did that, job well done.
renee Duhamel
 
Posts: 3371
Joined: Thu Dec 14, 2006 9:12 am

Post » Fri Dec 09, 2011 4:49 am

I'd like to thank whoever did that, job well done.

Wait... what? Are you encouraging people to hack Steam? :spotted owl:
Reanan-Marie Olsen
 
Posts: 3386
Joined: Thu Mar 01, 2007 6:12 am

Post » Thu Dec 08, 2011 2:30 pm

At least the stolen info was encrypted and SALTed so it should be really tough for the hackers to get any useful info. Still, good idea to watch your statements more closely and be ready to cancel any cards that have suspicious activity.


If the hackers could breach Steam's database, I believe they are also quite capable of deciphering the data.
Amy Siebenhaar
 
Posts: 3426
Joined: Fri Aug 10, 2007 1:51 am

Post » Thu Dec 08, 2011 2:44 pm

I use iDeal on steam, which is secure, right?
Dominic Vaughan
 
Posts: 3531
Joined: Mon May 14, 2007 1:47 pm

Post » Thu Dec 08, 2011 12:28 pm

I hope they don't get my information, my purchasing info was saved for me even though I always checked the do not save tile :/
Kanaoka
 
Posts: 3416
Joined: Fri Jun 16, 2006 2:24 pm

Post » Thu Dec 08, 2011 10:30 pm

The fact that Steam is implicit for the PC version makes me reconsider purchasing it. Wish Beth/Zenimax wasn't so anol about it.

If I buy a physical copy in a physical store, why on EARTH should I be forced to use Steam simply to be allowed to play?
electro_fantics
 
Posts: 3448
Joined: Fri Mar 30, 2007 11:50 pm

Post » Thu Dec 08, 2011 5:17 pm

If the hackers could breach Steam's database, I believe they are also quite capable of deciphering the data.

Cracking encrypted data is a little bit different to taking advantage of client-server loopholes. If they managed to bruteforce their way onto Steam's servers, they could just as easily bruteforce all your Steam passwords (and Amazon, eBay, PayPal, etc) without stealing the database, which would render any degree of security entirely moot. Cracking a salted/hashed credit card number using a suitably high bit key is an incredibly intensive computational operation, and we're talking millions of possible codes to crack before they even know which accounts would be worth going after.
Grace Francis
 
Posts: 3431
Joined: Wed Jul 19, 2006 2:51 pm

Post » Thu Dec 08, 2011 11:18 pm

I use iDeal on steam, which is secure, right?

Should be, yeah. It doesn't leave any info attached to your Steam account.
Mimi BC
 
Posts: 3282
Joined: Sat Oct 07, 2006 10:30 pm

Post » Thu Dec 08, 2011 7:29 pm

Cracking encrypted data is a little bit different to taking advantage of client-server loopholes. If they managed to bruteforce their way onto Steam's servers, they could just as easily bruteforce all your Steam passwords (and Amazon, eBay, PayPal, etc) without stealing the database, which would render any degree of security entirely moot. Cracking a salted/hashed credit card number using a suitably high bit key is an incredibly intensive computational operation, and we're talking millions of possible codes to crack before they even know which accounts would be worth going after.

Yeah and out of the 35 million Steam users it's highly unlikely they'd go through the trouble of cracking your password. ;)
Setal Vara
 
Posts: 3390
Joined: Thu Nov 16, 2006 1:24 pm

Post » Thu Dec 08, 2011 1:50 pm

Yeah and out of the 35 million Steam users it's highly unlikely they'd go through the trouble of cracking your password. ;)

Well it depends. Cracking a single password is already far too much work if that password is Strong. But if you use weak passwords, as in very weak, they can do a light password search through the whole database, spending little time on each user.

If you use a really weak password, like the same as your login with a number in front or bad, or the incredibly popular "123456", expect it to be hacked already even if it's just one among 35M.
Tina Tupou
 
Posts: 3487
Joined: Fri Mar 09, 2007 4:37 pm

Post » Thu Dec 08, 2011 8:29 pm

Well it depends. Cracking a single password is already far too much work if that password is Strong. But if you use weak passwords, as in very weak, they can do a light password search through the whole database, spending little time on each user.

If you use a really weak password, like the same as your login with a number in front or bad, or the incredibly popular "123456", expect it to be hacked already even if it's just one among 35M.

They were salted though, so rainbow tables won't work. When properly salted, hashes have to be cracked individually.
Leonie Connor
 
Posts: 3434
Joined: Mon Mar 12, 2007 4:18 pm
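
The two points made in the posts above (salting defeats precomputed tables, yet very weak passwords still fall to a cheap per-account check) can be seen side by side in this added example, which is not part of the original thread. The thread does not say how Steam hashed its passwords; PBKDF2-HMAC-SHA256 with a random 16-byte salt, the account names and the short password list are all assumptions constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "popular passwords" list and three accounts.
COMMON = ["123456", "password", "qwerty"]
ACCOUNTS = [("alice", "123456"), ("bob", "123456"), ("carol", "Vq7#nL2p!xW9")]
ITERATIONS = 10_000  # kept low so the demo runs quickly; production values are far higher


def fast_unsalted(password: str) -> bytes:
    """Plain SHA-256 with no salt: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).digest()


def slow_salted(password: str, salt: bytes) -> bytes:
    """PBKDF2 with a per-account salt (assumed scheme, see lead-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_db():
    """Store both variants for each account so they can be compared."""
    db = []
    for user, pw in ACCOUNTS:
        salt = os.urandom(16)
        db.append({"user": user, "salt": salt,
                   "unsalted": fast_unsalted(pw), "salted": slow_salted(pw, salt)})
    return db


def table_hits(db, column):
    """Look stored hashes up in one table that was precomputed without any salt."""
    table = {fast_unsalted(p): p for p in COMMON}
    return [r["user"] for r in db if r[column] in table]


def audit_weak(db):
    """Per-account audit: each candidate must be re-hashed with that account's salt."""
    weak, kdf_calls = [], 0
    for r in db:
        for cand in COMMON:
            kdf_calls += 1
            if hmac.compare_digest(slow_salted(cand, r["salt"]), r["salted"]):
                weak.append(r["user"])
                break
    return weak, kdf_calls


if __name__ == "__main__":
    db = build_db()
    print("table vs unsalted:", table_hits(db, "unsalted"))
    print("table vs salted:  ", table_hits(db, "salted"))
    print("per-account audit:", audit_weak(db))
```

The work in `audit_weak` grows as accounts × candidates × iterations, which is why a strong, unique password is out of reach of this kind of sweep while "123456" is not.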

Post » Thu Dec 08, 2011 12:26 pm

From my experience, hackers who are looking to profit usually don't announce that they have hacked the database unless the company fails to pay them their "consulting fee" to keep it quiet.

That suggests that this was just a group of social deviants looking to cause mischief.

On the other hand, Valve could have refused to pay them off and in that case it is safe to assume the following:
1. They are highly skilled.
2. They stole the credit card and password databases because they also stole the encryption keys.
3. Your data will be compromised if it hasn't been already.

Due to the nasty nature of scenario 2, I strongly recommend that you change all of your Steam-Related passwords and watch your financials closely.
Kelly Osbourne Kelly
 
Posts: 3426
Joined: Sun Nov 05, 2006 6:56 pm

Post » Fri Dec 09, 2011 4:30 am

The initial investigation showed that the attackers gained access to a Steam database that held "user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information".



Security expert Paul Ducklin, writing on the blog of security firm Sophos, handed down advice about what to do following the breach.

He said users should change passwords, monitor credit card statements, consider removing card numbers from Valve's servers and sign up for the Steam Guard security service.


Right.

Every company that released their games as steam-only can say, cool, we don't look bad, our stuff wasn't compromised! Oh and yeah, and we didn't even have to attempt to have a tight, secure data policy. We're simply off the radar and we look squeaky clean!

Not to me, you don't!

You guys released New Vegas and are releasing Skyrim on a forced distribution service which has had its customer data compromised. Congratulations!

Not that I care much for World of Warcraft this very second - - because I don't - - I think Mists of Pandaria is literally the "too bad it's not a joke" expansion.

... but there's no data security problem over there at Blizzard. Because they take data security seriously. And some other game companies apparently do not.

PS: Some hashed, salted etc. passwords can be de-encrypted. I've had to do it in the course of my regular job type stuff. Here's to hoping nobody re-used a Steam account password for other services. But, what are the chances of that, right?

Edit: Oh yeah almost forgot. Encrypted credit card numbers. (Unencrypted) addresses! Sweet....

Edit2: Steam Guard service? I can see that that's supposed to prevent other people from messing with your subscribed games within the service. haha? What a concern, when your credit card and personal information have just been pwned.
Jamie Moysey
 
Posts: 3452
Joined: Sun May 13, 2007 6:31 am

Post » Thu Dec 08, 2011 10:19 pm

... but there's no data security problem over there at Blizzard. Because they take data security seriously. And some other game companies apparently do not.


I'm pretty sure Valve takes data security seriously, too, and their response so far has shown that for me. (As is the fact that Steam hasn't had a security issue like this until now. Valve had HL2's source code stolen off a server way back in the early 2000s, but that was well before the days of Steam.)

Compare that to what happened with Turbine (LotRO, DDO devs) last month. Their forums had an epic security flaw which was brought to their attention in the form of stolen data. They shut the forums down for "emergency maintenance" and then said nothing more--for about two weeks.

The trouble with this is Turbine, very stupidly IMHO, links your forum and MyTurbine logins. Meaning that if your forum username/password was stolen, if it was decrypted, whoever stole it had instant access to your game account and any sensitive information you might have had stored at MyTurbine such as oh, I don't know, billing information.

And yet they waited two weeks to inform their users that they should change their passwords. That's absolutely disgraceful.

With the Steam situation...we know our forum information was taken, and some accounts compromised there. We also know that they had access to "a database" from Steam itself. This doesn't mean any information was taken (Valve is still investigating), and to me the wording of "a database" implies that the hackers didn't have access to all 35 million accounts. Possibly only some of them.

And for the record, implying any database, be it Valve or Blizzard's, is 100% secure is tomfoolery. No database is 100% secure and failproof. Steam is a large service. The sharks have probably been circling for quite some time, trying to find a way in. They've probably been doing the same to Blizzard for years, and I'll bet you anything they're doing the same for Origin, etc.

Yes, it is the responsibility of those services to do their utmost to keep your data as secure as possible. However, it's also your responsibility to not be equally dumb about your data security. Don't reuse passwords. Use secure passwords. Do use Steam Guard. Don't have a company save your account credentials/billing information. Etc.
Deon Knight
 
Posts: 3363
Joined: Thu Sep 13, 2007 1:44 am

Post » Thu Dec 08, 2011 10:44 pm

... but there's no data security problem over there at Blizzard. Because they take data security seriously. And some other game companies apparently do not.


I'm pretty sure Valve takes data security seriously, too, and their response so far has shown that for me. Yes, it is the responsibility of those services to do their utmost to keep your data as secure as possible. However, it's also your responsibility to not be equally dumb about your data security. Don't reuse passwords. Use secure passwords. Do use Steam Guard. Don't have a company save your account credentials/billing information. Etc.


My comment was vague and needs the context that was before it to be read right. I wasn't actually meaning Steam in it. I meant the companies who use Steam, such as Bethesda. Companies which run their stuff out of Steam need not concern themselves with making their data security be like Fort Knox because the sensitive information isn't kept by them personally. And if someone gets their fingers on that information, John Q Public won't think to be pissed at them, Steam takes the brunt instead. Nice, convenient, clean, and probably the cheaper-cost way to go about it.

And all of this non-accountability is what I don't respect, and why Steam does not have my information. They don't have it because they shouldn't have it, and don't need it.

I'm personally unable to purchase either Rage or Skyrim because of this attached Steam junk. I don't appreciate that.

The genuine pro companies aren't shirking the responsibility of running patch servers and having strong data security. So I respect that. Even companies whom on a level I hate because of how they neglected certain other things (Origin - EA - Ultima Online), when they're willing to step up to the plate and be the pro with the data security, I can't knock that.
Silvia Gil
 
Posts: 3433
Joined: Mon Nov 20, 2006 9:31 pm

Post » Thu Dec 08, 2011 3:31 pm

New password :verymad:

1. Get a password manager
2. Have it generate completely random and strong passwords for all your accounts
3. Have it remember all your passwords for you
4. ????
5. PROFIT!!!

The genuine pro companies aren't shirking the responsibility of running patch servers and having strong data security. So I respect that. Even companies whom on a level I hate because of how they neglected certain other things (Origin - EA - Ultima Online), when they're willing to step up to the plate and be the pro with the data security, I can't knock that.

Erm yes, yes they most certainly are. I can pretty much guarantee it. Even the ones diligently applying patches, it takes time to verify the patches don't screw anything else up and have an approved maintenance window to apply them from the superiors (who don't understand why the system needs to go down for maintenance -- it seems to be running fine to them :facepalm: ). This is to say nothing of the countless systems running OSes that cannot be patched due to lack of support.

And even then, all you are doing is closing the hole for the script kiddies to crawl in through. If someone is determined to get in your system, if you aren't a network security guru tailing your logs, they are getting in -- no ifs ands or buts.

Also, sorry to burst your bubble, but EA's been hacked, Blizzard's been hacked. Microsoft's been hacked, Google's been hacked -- it's hard to find a company that hasn't been hacked.
Liv Staff
 
Posts: 3473
Joined: Wed Oct 25, 2006 10:51 pm
