Nope, sure didn't. Thanks for your concern, though, Subby.

yup, nothing to worry about here. steam forum and steam accounts are two separate things.

No, I didn't have any CC info in my Steam Forums account. My Steam account, sure. God, I don't even know the password for my Forums account, at this point. Do people actually use those?

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

Aren't Steam forum accounts are kept separate from actual Steam accounts?

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

Exactly.
The only way this could have an impact on any ones Steam account is if that person was stupid enough to use the same Login name, email address, and password across both accounts.
Which we all know plenty of people do, sadly.

/same email address between the two for me, but that's all.

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

the_sidewinder: envirovore: Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

Exactly.
The only way this could have an impact on any ones Steam account is if that person was stupid enough to use the same Login name, email address, and password across both accounts.
Which we all know plenty of people do, sadly.

/same email address between the two for me, but that's all.

They would also have to use the same password for their email account (which I bet many do) as Steam now sends an Auth email before any Steam client can be authorized on any specific account

No doubt in regards to the same password thing for the email if they tend to use the same info across all accounts. I admit, it's a pain in the ass juggling various passwords for various sites, but it's instances such as this which make it worth while.
Steam Guard is handy, but if they get the login info for the email address as well, it's useless.

The amazing thing about these hacker groups is that they all depend on everyone being really, really nice about this sort of thing. Sure, the police might get involved, and someone might spend enough time and money to catch the people who did it, but there aren't any real repercussions, like death or dismemberment.

At least, until someone makes the mistake of hacking the game account of some Russian mobster or South American druglord. In which case, the headlines will serve as a warning to the survivors.

/Anonymous versus the cartels? With that kind of money, you're not anonymous any more.
//Reamde

My best friend's mom's sister's hairstylist told me that Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

This is why I don't sign up with unreliable services.
I only spend money with secure companies, like Sony!

envirovore: No doubt in regards to the same password thing for the email if they tend to use the same info across all accounts. I admit, it's a pain in the ass juggling various passwords for various sites, but it's instances such as this which make it worth while.

Why would that even matter? Are the hackers going to do a reverse hash on every single password? That would take decades.

irving47: My best friend's mom's sister's hairstylist told me that Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

I guess it's pretty serious.

Also subby, Steam now requires extra confirmation when you log in from a new computer or location so even if, somehow, a hacker acquired your details from the forum site, it still would not be enough.

Companies that store credit card numbers are required to encrypt the crap out of them so even in the extremely unlikely case of a database of credit card numbers being stolen, it's even more unlikely that they'd be able to read those credit card numbers.

And in this case, only forum accounts were compromised, so it wouldn't even be the same database as the one with credit cards.

Codenamechaz: Also subby, Steam forum accounts are kept separate from actual Steam accounts for THAT very reason.

I saw this story earlier today. Somehow I knew this headline would appear sooner or later.

I think we'll be okay though. I'm pretty sure [copypasta] Steam forum accounts are kept separate from actual Steam accounts for THAT very reason. [/copypasta]

Ed Finnerty: So. What I'm getting from this thread is that I should *not* have saved all my main Steam account info in my Forum profile.

shiat, I thought I was supposed to make my credit card number my signature

MrEricSir: envirovore: No doubt in regards to the same password thing for the email if they tend to use the same info across all accounts. I admit, it's a pain in the ass juggling various passwords for various sites, but it's instances such as this which make it worth while.

Why would that even matter? Are the hackers going to do a reverse hash on every single password? That would take decades.

If they managed to get login info for the forums (and passwords are for some reason not encrypted), all it would require is trying that information in Steam and registered email accounts. If the same info is used across all three accounts (Steam, Steam Forums, and email), then they have full access to that users Steam account and the ability to by-pass Steam Guard.
Should have phrased that better the first time I suppose. That or I'm missing a point somewhere, in which case I'll blame the booze.

Wait, so are my forum and actual accounts the same? or are they separate?

I'm not sure I understand. I thought that my Steam forum account and actual account were different things. Is this correct or not?

envirovore: MrEricSir: envirovore: No doubt in regards to the same password thing for the email if they tend to use the same info across all accounts. I admit, it's a pain in the ass juggling various passwords for various sites, but it's instances such as this which make it worth while.

Why would that even matter? Are the hackers going to do a reverse hash on every single password? That would take decades.

If they managed to get login info for the forums (and passwords are for some reason not encrypted), all it would require is trying that information in Steam and registered email accounts. If the same info is used across all three accounts (Steam, Steam Forums, and email), then they have full access to that users Steam account and the ability to by-pass Steam Guard.
Should have phrased that better the first time I suppose. That or I'm missing a point somewhere, in which case I'll blame the booze.

Password information isn't encrypted, it's hashed. You can't get your password out of a hash, it's one way. Only way to reverse it is to estimate it based on common passwords hashed using common, weak algorythms like MD5 which I bet they weren't using.

the_sidewinder: squirrel_spam: Wait, so are my forum and actual accounts the same? or are they separate?

They are different. It's even entirely possible that you do not have a forum account

Woah

Barakku:

Password information isn't encrypted, it's hashed. You can't get your password out of a hash, it's one way. Only way to reverse it is to estimate it based on common passwords hashed using common, weak algorythms like MD5 which I bet they weren't using.

Okay, so that is what I was missing then. Thank you for clearing it up. And while I know they're not technically the same, I was meaning hashed in place of encrypted.

t3knomanser: No, I didn't have any CC info in my Steam Forums account. My Steam account, sure. God, I don't even know the password for my Forums account, at this point. Do people actually use those?

Well, I know I used it for a little bit this Halloween event season looking to get a Spi mask to complete my Sackson Hale mask, but that was all.

Other than that, a good 90% of the SPUF stuff is kinda like the politics tab here, inane jibberish and trolling.

BarryJV: Also subby, Steam now requires extra confirmation when you log in from a new computer or location so even if, somehow, a hacker acquired your details from the forum site, it still would not be enough.

Unless they hack your email, then use that to perform password change/verification on the new login stuff, and raid your account.

Happened to my Wow account, but the joke was on you Mr. Chinese (yes, Wow and Google both scream 'someone from a chinese IP logged in!' at you) hacker, my Level 49 Retadin was worth YOUR time.

wtf is steam forums? Sounds like a lot of fuss over hot air.

kroonermanblack: BarryJV: Also subby, Steam now requires extra confirmation when you log in from a new computer or location so even if, somehow, a hacker acquired your details from the forum site, it still would not be enough.

Unless they hack your email, then use that to perform password change/verification on the new login stuff, and raid your account.

Happened to my Wow account, but the joke was on you Mr. Chinese (yes, Wow and Google both scream 'someone from a chinese IP logged in!' at you) hacker, my Level 49 Retadin was worth YOUR time.

Although I've been WoW-free for a year now, I just don't get WoW hacking ... those authenticators are almost free, hell the smartphone versions ARE free. Small price to pay if you put in the amount of time most WoW players do.

LadyBelgara: Nope, sure didn't. Thanks for your concern, though, Subby.

Pretty much.

envirovore: MrEricSir: envirovore: No doubt in regards to the same password thing for the email if they tend to use the same info across all accounts. I admit, it's a pain in the ass juggling various passwords for various sites, but it's instances such as this which make it worth while.

Why would that even matter? Are the hackers going to do a reverse hash on every single password? That would take decades.

If they managed to get login info for the forums (and passwords are for some reason not encrypted), all it would require is trying that information in Steam and registered email accounts. If the same info is used across all three accounts (Steam, Steam Forums, and email), then they have full access to that users Steam account and the ability to by-pass Steam Guard.
Should have phrased that better the first time I suppose. That or I'm missing a point somewhere, in which case I'll blame the booze.

The one step that's missing is getting the credit card info out of the Steam account, assuming the hacker could get around Steam Guard and everything else. There's no way to find that information via the Steam client directly, and I would assume that trying to email/call tech support asking for your credit card number wouldn't go well either. The most you can get is the last four digits of the card, which isn't really useful at all. It doesn't even list your card's expiration date.

Hackers COULD buy a bunch of games with your account info and gift it to other users, but at that point it's a dead-end. Games can't be sold or traded once you own them, nor can they be removed from your account barring direct intervention by Valve staff. And once you report fraudulent activity on your card, Valve will have little trouble figuring out what account got what game and either a) banning the user or b) taking the game away. I guess hackers could theoretically use that to try and get some innocent user banned, but that's a lot of hoops to jump through for that.

Bottom line, this isn't anything like the PSN hacking issue, except for people who don't understand the necessity of diversified passwords and have their credit card info somehow stored in plaintext in their email.

Why do hackers declare that they've hacked a site if they're keen on taking credentials? Farking noobs.

Do spies announce to the world that they've turned someone over as an informant? No. They pump that shiat til the information runs dry and then look to replicate the procedure. They don't talk about it, because once the other side is tipped off, all bets are off.

Barakku: Password information isn't encrypted, it's hashed. You can't get your password out of a hash, it's one way. Only way to reverse it is to estimate it based on common passwords hashed using common, weak algorythms like MD5 which I bet they weren't using.

Even if they were using MD5 and even if people used shiatty passwords, if Valve (or whoever made the forum software) salted the hash correctly it's damn near impossible to get the password.

DeathByGeekSquad: Why do hackers declare that they've hacked a site if they're keen on taking credentials?

Because those are the only cases you ever hear about?

Believe me, 99% of the time hackers don't say anything and the people/company who've been broken into do not know they've been attacked.

Wait wait wait wait wait....what's Steam?