Steam Hit by Major Security Breach, Many Accounts Hacked

figment

figment

Keeper of the Watch
Original Sin Donor
Original Sin 2 Donor
Joined
April 23, 2010
Messages
688
Seems like Steam was hacked I didn't see anything on this forum about it. So this is just a friendly advisory that if you get password reset notices from Valve that may mean your account was compromised or someone is trying.

Should note that it has been apparently fixed.

http://masterherald.com/steam-hit-by-major-security-breach-many-accounts-hacked/23239/

Reports are still blurry and information keeps coming out – Valve themselves are yet to make an official statement on the issue – but according to a demonstration that was posted on YouTube, a hacker could abuse the “forgotten password” feature in Steam’s log-in service, completely bypassing the stage where they have to enter a security code, and being granted access to reset the password of the account.

All an attacker needs to carry out this exploit is the account name of a Steam user. It’s not yet clear if Steam Guard offers sufficient protection from the exploit, as there have been some reports from users claiming that their accounts have been compromised even with Steam Guard enabled.

Users are advised to keep an eye on their e-mail accounts. If an e-mail related to password recovery is received, the user should definitely not ignore it, and proceed to verify that their account is still accessible.
Click to expand...
 
Joined
Apr 23, 2010
Messages
688
Thanks for the warning.

pibbur who is a bit puzzled by the dogs sniffing at his feet
 
The issue was fixed immediately.

To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

We apologize for any inconvenience.
Click to expand...

Basically, if you didn't receive an e-mail from Valve, noone touched your acc.
And if Steam Guard was active, hijacking acc attempt was futile.
 
Joined
Apr 12, 2009
Messages
23,459
You must log in or register to reply here.
Back
Top Bottom