An email probably would have made sense. However, as I pointed out above, unless you have Steam Guard off or used the same password for email and steam, your credit card info was not threatened based on the info I've seen.
Steam hacked.
- Thread starter Haggis and tatties
- Start date
There's no good way for the intruders to get your credit card info out of this, anyway.
When Sony was attacked, they didn't even know if people's CC info had been taken! Which means they were storing it in such a way that it could be stolen. Not so for Steam.
It's interesting to look at how the situations are both similar and different:
Sony:
* Admitted very early that there was an intrusion, but knew very few details at first.
* Apparently stored sensitive data in clear text in their databases.
* PSN platform was so fatally flawed it had to be taken down for weeks to be fixed.
* Apologized by giving away some free games.
Steam:
* Didn't announce right away, but waited until they had firm details on what had been taken.
* Had no sensitive data stolen, except forum passwords (stored as clear text.) Forum passwords kept separate from Steam account passwords.
* Has SteamGuard, which would prevent people from using your Steam account on another computer, unless they had also compromised your email account.
* No actual downtime (as far as I know), just a few patches to the Steam client.
* No material apology (yet.)
* Still hasn't notified everyone, despite having email addresses and the ability to push messages through the Steam client. I had to find out from here--I never saw any official word in my inbox or via the client.
I think Steam was better prepared for this kind of attack, but handled disseminating information about it pretty poorly. Contrast with Sony, which addressed the situation very publicly but mostly displayed their utter incompetence.
Overall, I think Steam came out better, mostly due to having a more secure infrastructure in place. That should've been Sony's strategy all along, and hopefully they have learned their lesson, albeit very painfully.
When Sony was attacked, they didn't even know if people's CC info had been taken! Which means they were storing it in such a way that it could be stolen. Not so for Steam.
It's interesting to look at how the situations are both similar and different:
Sony:
* Admitted very early that there was an intrusion, but knew very few details at first.
* Apparently stored sensitive data in clear text in their databases.
* PSN platform was so fatally flawed it had to be taken down for weeks to be fixed.
* Apologized by giving away some free games.
Steam:
* Didn't announce right away, but waited until they had firm details on what had been taken.
* Had no sensitive data stolen, except forum passwords (stored as clear text.) Forum passwords kept separate from Steam account passwords.
* Has SteamGuard, which would prevent people from using your Steam account on another computer, unless they had also compromised your email account.
* No actual downtime (as far as I know), just a few patches to the Steam client.
* No material apology (yet.)
* Still hasn't notified everyone, despite having email addresses and the ability to push messages through the Steam client. I had to find out from here--I never saw any official word in my inbox or via the client.
I think Steam was better prepared for this kind of attack, but handled disseminating information about it pretty poorly. Contrast with Sony, which addressed the situation very publicly but mostly displayed their utter incompetence.
Overall, I think Steam came out better, mostly due to having a more secure infrastructure in place. That should've been Sony's strategy all along, and hopefully they have learned their lesson, albeit very painfully.
Unless I've missed an update Valve said they had no idea if credit card information was stolen either, just that it could have been. They were in fact no different from Sony because they have no idea what happened or what information was breached, just that their forum security was breached and other areas could have been.
Do these guys have my email address? My billing address? My purchase history? My (encrypted) credit card information? Hell if I know. Valve doesn't appear to either.
The fact that they're not releasing any info is shabby and the exact same thing Sony did (which is why their was so much rampant speculation and mis-information).
I haven't logged onto Steam for about 2 years since I switched to a Mac without Bootcamp/Parallels set up. But on the 8th I see I received one of those "how to reset your password" e-mails that one gets when you request to change your password on an account. Presumably one of the a**holes has my secondary e-mail address (the one I use for forum membership registrations and the like). Fortunately in the time since I last used Steam I've changed my password on that account. And I don't recall ever entering CC information back in the day - I just registered so I could play Half-Life 2 and Portal.
And just think - pretty soon we're all going to be required to keep our personal files online, our movies, our music. What fun we'll all have.
PS. It occurs to me that the reset password e-mail I refer to might actually have been sent legitimately by Steam as a security measure. Which is fair enough and not a bad idea (though I would still not click any links in that particular e-mail, just to be safe). My comment about the hackers being a**holes still stands, however.
Alex
And just think - pretty soon we're all going to be required to keep our personal files online, our movies, our music. What fun we'll all have.
PS. It occurs to me that the reset password e-mail I refer to might actually have been sent legitimately by Steam as a security measure. Which is fair enough and not a bad idea (though I would still not click any links in that particular e-mail, just to be safe). My comment about the hackers being a**holes still stands, however.
Alex
And just think - pretty soon we're all going to be required to keep our personal files online, our movies, our music. What fun we'll all have.
Uh, no. This isn't true.
Similar threads
