Author Topic: Errr, Steam kind of broke  (Read 4196 times)


Offline Klaustrophobia

  • 210
  • the REAL Nuke of HLP
    • North Carolina Tigers
Re: Errr, Steam kind of broke
> I know, I noticed that they posted that after the story had been written on Kotaku. You've worked computer security IIRC, do you think waiting nearly a week to tell people about a computer breach like this one is acceptable?

Well, the government waited four ****ing months to tell me that Chinese hackers stole literally ALL of my personal information.  They could hit me personally with an ICBM if they really wanted to with everything the feds leaked.  They make you put your entire damn life story in that SF86.  I had to do research to fill it out.  On myself.  That is not a joke or exaggeration.  May god have mercy on the poor soul of a lowly federal employee who doesn't complete their PII security training, but if the top dogs **** up to the tune of 14 million records, well.... oops.  Our bad.
I like to stare at the sun.

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: Errr, Steam kind of broke
Well that's obviously far worse, but it doesn't absolve Valve of any guilt.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Polpolion

  • The sizzle, it thinks!
  • 211
    • Minecraft
Re: Errr, Steam kind of broke
> > No, I've never worked computer security.  And from the content of that blog - Ralwood's excerpts - I think the wait was likely to ascertain exactly what happened and what was lost.
>
> And if you don't know, don't you think you should be telling people to take basic precautions? You know, like every other site that has even the danger of a leak does? As Kotaku mentioned, they did give out more than enough information to say, steal someone's Netflix or X-Box account by using the information to do some social engineering.
>
> But **** it, it's Steam. People are going to defend their ****ty practices while screaming bloody murder if anyone else did it.

What could you possibly do to mitigate that risk? Deactivate your accounts and re-register with a different email address? Get a new credit card because the last few digits were compromised? Move to a different house? This is a serious question. None of the stuff potentially compromised is supposed to be 100% secret, even your billing address.

Also I would blame Netflix for allowing account hijacking without secret information, not Valve. Sure leaking personal information is bad, but hell, you can't blame Valve for letting people get into my Netflix per se when my co-workers and friends could just as easily get in without the leak.

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
    • Steam
    • Twitter
Re: Errr, Steam kind of broke
Sure, it's incredibly strange that in this day and age, it is still rather trivial to steal an identity using just four numbers, but it has happened. But Valve is very definitely at fault for two things: One, that they allowed this thing to happen at all (the only reason this became an actual thing was that compromising information was cached), and Two, that they used the typical Valve approach to communication with regards to this. They were keeping quiet about it for a very long time, and that is just not acceptable for this type of thing.

Basically, I'm with Total Biscuit on this:
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need life to touch me
--Evergrey, Where August Mourns

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: Errr, Steam kind of broke
> What could you possibly do to mitigate that risk? Deactivate your accounts and re-register with a different email address? Get a new credit card because the last few digits were compromised? Move to a different house? This is a serious question. None of the stuff potentially compromised is supposed to be 100% secret, even your billing address.
>
> Also I would blame Netflix for allowing account hijacking without secret information, not Valve. Sure leaking personal information is bad, but hell, you can't blame Valve for letting people get into my Netflix per se when my co-workers and friends could just as easily get in without the leak.

"Hi, this is Steve at Valve support. We've noticed a problem with your account which could lead to us deactivating your account. If you could just give me the full credit card number for the card you use with your account, the one that ends in 7328, I'll get that sorted for you."


I'd only need telephone number and last 2 or 4 digits to do that much. More data would only help to make it more believable and since this is a cached request from the store, if I can name a game the person ordered literally only an hour ago, I could probably fool a lot more people than this kind of exploit would normally catch.

Yeah, you can't change the data that Valve allowed to leak easily, but you can damn well be careful to look out for someone trying to exploit it.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline jr2

  • The Mail Man
  • 212
  • It's pronounced jayartoo 0x6A7232
    • Steam
Re: Errr, Steam kind of broke
Small nitpick that actually doesn't matter (but could be interesting for those who like such details):

The last 4 of a credit card is actually the last 3 of your account, plus a hash digit on the whole number (which includes stuff like system number, bank number, and account number).

http://money.howstuffworks.com/personal-finance/debt-management/credit-card1.htm
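
Added example (not part of jr2's post): the trailing digit described above is a check digit, which on ISO/IEC 7812 payment cards is computed with the Luhn algorithm. The sketch below recomputes it and shows which of the "last 4" digits come from the account number; the 6-digit issuer prefix length is an assumption, and the sample is a widely published test number, not a real card.

```python
def luhn_check_digit(payload: str) -> int:
    """Luhn check digit for a card number given WITHOUT its final digit."""
    total = 0
    # Walk right to left; the rightmost payload digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return (10 - total % 10) % 10


def split_card_number(pan: str) -> dict:
    """Split a card number into the parts the post mentions and verify it."""
    digits = pan.replace(" ", "").replace("-", "")
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    payload, check = digits[:-1], int(digits[-1])
    return {
        "issuer_prefix": digits[:6],       # assumption: 6-digit issuer prefix
        "account_part": digits[6:-1],
        "check_digit": check,
        "check_ok": luhn_check_digit(payload) == check,
        # Of the "last 4", only these three are account digits:
        "last4_account_digits": digits[-4:-1],
    }


# Constructed sample: a well-known test number, not a real account.
SAMPLE = "4111 1111 1111 1111"

if __name__ == "__main__":
    for key, value in split_card_number(SAMPLE).items():
        print(f"{key}: {value}")
    # A single mistyped digit makes the check fail.
    print(split_card_number("4111 1111 1111 1121")["check_ok"])
```
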


 

Offline headdie

  • i don't use punctuation lol
  • 212
  • Lawful Neutral with a Chaotic outlook
    • Minecraft
    • Skype
    • Twitter
    • Headdie on Deviant Art
Re: Errr, Steam kind of broke
Maybe in the US, but I just checked mine and they are nowhere near
Minister of Interstellar Affairs Sol Union - Retired
quote General Battuta - "FRED is canon!"
Contact me at [email protected]
My Release Thread, Old Release Thread, Celestial Objects Thread, My rubbish attempts at art

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: Errr, Steam kind of broke
Finally got VPN access so I could watch the Total Biscuit video, and he's basically come to almost exactly the same opinion as I have. Steam failed to give the care it should have to their users, but they'll get away with it cause people love them and don't care that a billion dollar company is ****ing them over cause they think they're friends.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Mika

  • 28
Re: Errr, Steam kind of broke
You know, sometimes schadenfreude is just way too hard to suppress



I do recall warning a bunch of people in this very forum about Steam and about this issue and account lockings some years ago.

Let this be a reminder that you should require about the same amount of diligence from Valve as you do from banks in keeping your accounts safe.
Relaxed movement is always more effective than forced movement.

 

Offline Klaustrophobia

  • 210
  • the REAL Nuke of HLP
    • North Carolina Tigers
Re: Errr, Steam kind of broke
It wasn't all that long ago that my Steam account was worth more than my bank account :P
I like to stare at the sun.

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: Errr, Steam kind of broke
> I do recall warning a bunch of people in this very forum about Steam and about this issue and account lockings some years ago.

I remember warning people when Steam was first released about the fact that the more games you bought off Steam, the less power you would have to stop using their service, and that as a result they wouldn't have any real impetus to keep up a good level of service.

But like I said, that ship has sailed and people aren't going to give Valve the push to improve based on this leak. To be honest, I do wonder what kind of **** up Valve would have to make before people did start insisting on a change.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Polpolion

  • The sizzle, it thinks!
  • 211
    • Minecraft
Re: Errr, Steam kind of broke
> I remember warning people when Steam was first released about the fact that the more games you bought off Steam, the less power you would have to stop using their service, and that as a result they wouldn't have any real impetus to keep up a good level of service.
>
> But like I said, that ship has sailed and people aren't going to give Valve the push to improve based on this leak. To be honest, I do wonder what kind of **** up Valve would have to make before people did start insisting on a change.
You mean a **** up like selling mods?

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
Re: Errr, Steam kind of broke
I didn't see any changes to Valve's service cause of that. Just not the introduction of something new and stupid. I'm talking about how big of a **** up they'd have to make before they were treated even remotely closely to the way any other company offering the same services would be.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]