.

Healthy Passwords

.

.

Steam Breach - Lots of Personal Data, little worry of password compromise

Date: 2011-11-11 00:12:51

SteamPowered.com Website Image

Steampowered.com, the website of over 1100 games has reported a breach:

  • The bad news is they are reporting an entire database compromise including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.

  • The good news is passwords were salted and encrypted, making it very difficult to obtain the password, and credit card data was encrypted.

The following announcement was sent to users

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening 
of Sunday, November 6. We began investigating 
and found that the intrusion goes beyond the
Steam forums.

We learned that intruders obtained access to 
a Steam database in addition to the forums. This 
database contained information including user 
names, hashed and salted passwords, game purchases, 
email addresses, billing addresses and encrypted 
credit card information. We do not have evidence 
that encrypted credit card numbers or personally 
identifying information were taken by the intruders, 
or that the protection on credit card numbers or 
passwords was cracked. We are still investigating.

Sophos' recommendation to users is perfect, we're going to Copy and Paste it: ( Credit: Sophos report on Steam breach

  • Change your Steam password, just in case. If you were using a weak password before, take this opportunity to choose a decent one.

  • Keep an eye on your credit card statement and report any unexpected transactions.

  • Consider not storing your credit card data on Steam's servers. You don't have to. You can choose to enter it every time you need it instead.

  • Consider enabling Steam Guard. If you do, Steam will email you every time you (or someone else) logs in from someone else's computer.

  • Send an email to Steam asking why they encrypted credit card data and passwords, but apparently not the rest of its users' personally identifiable information.

If Steam truly did salt passwords, passwords changes may not be necessary. It's better to be safe than sorry.

Category: Breach

Subcategory: Passwords

blog comments powered by Disqus
McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

 Subscribe in a reader

.

Leaf

Leaf

Home | Live CD Listing | Password Worksheet | Third Party Ratings | Purchase | Errata | Contact | News | News Archive | Legal

Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved.

 Sustainable Alternatives, LLC BBB Business Review
Leaf

.

Leaf