Steam security breached

[rebora2007]

Hackers are never here for the "good" cause, even though in your point of view it is a good cause (getting free games/movies/music) hacking is a very bad thing. But they are the reason why we get free stuffs and we gotta admit, we love having those.

 

[NTV]

Hackers are never here for the "good" cause, even though in your point of view it is a good cause (getting free games/movies/music) hacking is a very bad thing. But they are the reason why we get free stuffs and we gotta admit, we love having those.

Well may as well not be good for the companies that create those products but good for us. If it wasn't for piracy we would have to buy everything which most of us can't afford.

Well I thought piracy is what you meant by the "internet needs hackers"

 

[viroware]

Hackers are bad, But there are a few "good" hackers. Attacking big company's to me isn't bad, They have plenty of cash and should have the experience to stop hackers in the first place.

Attacking small or just a one man team is wrong, From being small and at the bottom that states there more new to the whole thing. Smaller company's also make everything a lot more affordable. They need to feed there family, But the big company's bath in money.

 

[Repthon]

Tough luck to anyone that uses credit cards on steam or ps3.

 

[SirEpicWin]

Steam forum is separated from steam service,I think everyone is safe ...kindof....

OFFTOPIC:
I thing it's a set-up from valve to delay half life 3 even more.....

 

[Irahnik]

xbox live is next. then after that, it's bill gates's home

 

[TimeBomb]

I'm going to guess that this is incorrect. I've never run a site that handles raw credit card numbers, but I'm assuming it goes something like this:

1. User puts credit card number in site and checks save
2. Site authorizes the credit card through Visa (for example). If the card is valid, Visa will return a string based on some type of SSL cert that the company probably paid for + the the number provided.
3. Site uses the returned string as their saved credit card 'number'
4. Next time user purchases, site will use the saved string paired with the site's SSL cert.

From what I have read, you usually accept payment through a third party merchant service, which may or may not allow the user's data, i.e. credit card, to be accessible without having to enter it each time manually.
If steam is their own merchant service, and the database was compromised, then a two-way encrypted version of your credit card number was compromised.

I have not dealt with payments through anything but paypal in quite some time, but I do not remember and have not heard of the method you are talking about. I have also not heard of an SSL certificate being used like that. Although, I understand that this - obviously - does not mean that it does not exist.

I am not familiar with directly dealing with Visa when accepting payments, but a quick look through of their site brings me to:

You must be registered to see links

 

[Mootie]

Well may as well not be good for the companies that create those products but good for us. If it wasn't for piracy we would have to buy everything which most of us can't afford.

Well I thought piracy is what you meant by the "internet needs hackers"

Piracy is worse for companies and legitimate customers than hacking in a general sense. Hacking can be pretty much completely mitigated, but piracy is nearly impossible to stop because the user actually owns the product and can copy it easily in many cases.

 

[Omnija]

I just hate company's who are like well... we lost all your information and your probably being robbed... but it's ok because i apologize and it's not my money. How about giving us free games and stuff to make up for there problems. Since we do invest in these company's because we trust them... or so we still say.

 

[Dawson]

oh man this is too funny for reasons you all don't understand. I'm in tears right now.

 

[Squiggles]

Piracy is worse for companies and legitimate customers than hacking in a general sense. Hacking can be pretty much completely mitigated, but piracy is nearly impossible to stop because the user actually owns the product and can copy it easily in many cases.

But, ever since they started including digital copies with just about everything, you can't really get sued unless you distribute the pirated discs. =/. Of course there's exceptions, such as software, but yknow what I mean

 

[AngraMainyu]

hashed and salted means uncrackable?

You can bruteforce a 8-9 letter md5 hashed password in less than an hour if you use OpenCL or CUDA and a high end gfx card

After cryptanalysis, SHA256 has a complexity of 2^253, whereas MD5 isn't remotely collision-resistant -- something I'd wager Steam developers took into consideration. A preimage attack might work fine against a single insecure password, but in an SQL database of potentially hundreds of thousands of accounts, your options are either to pray that a secure password hash is never encountered, or run an attack against every hash in parallel before testing the cracked forum passwords against their corresponding Steam accounts which may use different passwords altogether.

 

[AverySEA]

Keep track of your games and such ? Better be safe then sorry !