It is currently Thu Nov 21, 2024 3:02 am

Steam compromised, Data potentially taken

Steam has so many games these days that it's impossible to list them all here. If you're into playing games on Steam, share your thoughts here! Better yet, friend a 'goon today.
Forum rules
This forum is specifically for discussing Steam, Steam games, and other activities related to Steam such as sharing details for multiplayer games that require Steam IDs.

Steam compromised, Data potentially taken

Postby Grimblast » Fri Nov 11, 2011 7:30 am

For those of you that use Steam, Ben and Matt both let me know that apparently Steam was hacked. Ben sent me this article which better explains what happened. At least Steam didn't wait as long as Sony did to report something had happened. Plus, it looks like Steam used proper security measures for their stored data unlike Sony which stored their passwords and vital customer info in less secure ways. I do recommend watching your bank account activity for awhile in case any suspicious activity happens but if what they mention in that article is true, you may not really have to worry much, if at all. A good practice though is to change your Steam account password just in case and just keep an eye on whatever credit card you used for any unknown expenditures.
Guild Wars 2 Characters
Turalia Gearspark - Asuran Engineer ----------- Turus Gearspark - Asuran Guardian
Thelena Turusian - Norn Warrior ---------------- Jake Turusian - Human Thief
Dililah Turusian - Norn Necromancer ------------ Rahl Braincrusher - Char Mesmer
Star Earthbreaker - Sylvari Elementalist -------- Rylo Preystalker - Char Ranger
User avatar
Grimblast
Site Admin
 
Posts: 2513
Joined: Wed Jul 05, 2006 3:21 pm
Location: Alamogordo, New Mexico
Gender: Male

Re: Steam compromised, Data potentially taken

Postby Zancarius » Fri Nov 11, 2011 10:36 am

As a follow-up, someone posted this screencap of an e-mail from Gabe Newell who stated that all card information is encrypted using AES256; while AES256 does have some known attacks, the cipher is secure, and assuming the e-mail is indeed valid even a best case attack would still require 8.5x10^37 operations to complete. That's about one magnitude fewer than the number of available (albeit not used) IPs in IPv6. If you converted each operation to a mile, you could travel back and forth between here and the Andromeda galaxy about 348,000,000,000,000,000,000 times.

Also, it should be noted that the attackers will likely never see the credit card information in their lifetimes (or their children's lifetimes or their children's children or...) barring 1) any private keys used to decrypt the information are still secure and 2) there's not some unexpected advancement in quantum computing that greatly reduces the efficacy of the AES cipher.

TL;DR Steam hasn't yet pulled a Sony.
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male


Return to Steam

Who is online

Users browsing this forum: No registered users and 2 guests