Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Networking

    Cyber-Attackers Deface Steam Gaming Forums, Access Credit Card Database

    By
    Fahmida Y. Rashid
    -
    November 15, 2011
    Share
    Facebook
    Twitter
    Linkedin

      In a two-pronged attack, cyber-attackers have broken into a database belonging to the Steam videogame service that contained credit card information for an unknown number of users.

      After unknown perpetrators defaced the Steam discussion forums a little over a week ago, investigators discovered the same attackers had accessed at least one database belonging to the gaming service, said Valve in a message to users on Nov. 10. Steam is a service that lets people buy, download, play and chat about games. Not all the games on the site are made by Valve, and include prominent titles such as Skyrim, LA Noire, Call of Duty, and Modern Warfare 3.

      Valve took the defaced Steam discussion forums offline after the Nov. 6 incident, claiming it was for maintenance purposes. During that investigation, Valve discovered that the breach went “beyond the Steam forums,” Valve co-founder Gabe Newell said in the statement on Nov. 10. Attackers had gained access to a Steam database that held usernames, hashed and salted passwords, game purchases, email addresses, billing addresses and credit card information, Newell said.

      “We learned that intruders obtained access to a Steam database in addition to the forums,” Newell wrote in the statement. It was not clear whether the database contained all 35 million active Steam accounts or if it was a subset.

      Valve said it had not seen any evidence to date indicating that credit card information had been misused, nor was there any evidence of accounts being accessed illegally.

      “Gaming companies are the new gold mine of consumer identity information for hackers,” Wasim Ahmad, data protection expert and a vice-president at Voltage Security, told eWEEK. Until recently, gaming companies haven’t really paid attention to security to the extent that financial institutions have, Ahmad said.

      Sony’s PlayStation Network and Sony Online Entertainment services were attacked mid-April, and over a 100 million user accounts were compromised. Like Valve, Sony initially took the services offline for “maintenance” and admitted to the breach about a week later.

      Unlike Sony, which had a myriad of security issues including data being stored using a weak hashing algorithm, it appears Valve had encrypted the credit card information. This makes it likely that even if attackers had stolen the data, they would not be able to decrypt the file to use the information.

      In the Steam attack, the perpetrators originally attacked the service’s discussion forums after compromising a few accounts. The login details used in this attack was then used to access a database containing ID and credit card data. Even though only a “few” forum accounts have been compromised, Valve will be requiring all forum users to change their passwords, according to the statement.

      Newell recommended that users change passwords on other sites if they had reused the Steam password elsewhere. Valve also suggested enabling Steam Guard, a service provided by Valve where users are notified by email every time someone tries to login to the account from unknown hardware.

      The Steam discussion forum accounts themselves do not appear to be impacted, so Valve will not require users to change them, although it “wouldn’t be a bad idea to change that as well,” Newell wrote, especially if the passwords were the same.

      “Hackers always find a way to get to the data, so securing data itself is a main priority,” Ahmad said. Looking for evidence of tampering or just trying to keep intruders from breaching the servers was not “sufficient,” he said.

      Valve also apparently used the vBulletin software for its discussion forums. The platform is commonly targeted by online attackers using cross-site scripting and SQL injection techniques. From looking at Valve’s main page, it appears that the company was using an older version, 3.x, instead of the newer 4.x.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×