Games Steam hacked...

[MYstIC G]

Because you're missing my point that many people are stupid and use the same password for things that you shouldn't, e.g. e-mail account and say online banking login.

If Valve were being truly brilliant about security then they'd encourage people to change both forum and steam passwords and they wouldn't make it just a crappy little announcement that you only get if you go to the steam forums but it'd be on the front page when you open the steam website, the client (which is always happy to pop up something to pimp to you) and be e-mailed to everyone.

 

[Calaen]

Not alot anyone can do about that really is there

 

[Talyn]

 

[Billargh]

I have no idea what is happening but that sounds positive, maybe I won't have to change my bank bumf after all.

 

[old.Tohtori]

Free stuff? Thanks hackers!

 

[rynnor]

Sounds like the hackers got a fat load of un-decryptable data - waste of their time - good work Steam.

 

[Deebs]

Sounds like the hackers got a fat load of un-decryptable data - waste of their time - good work Steam.

Yup looks that way. It looks like they used SHA256 for their hashes. Unfortunately it will not protect those that use simple passwords. One thing I would love to know is did Steam create a random salt per account? If so then I will be very happy

 

[Chilly]

If they didnt use a unique salt per pw then you can quite easily crack the encryption anyway since the key would be known. AES254 is a stream cipher, not a hash. Since passwords follow a well known distribution of shitness, you can be quite sure than a reasonable proportion of the plaintext is known, at least in a statistical sense.

/edit - by easily I mean it's not totally impossible

 

[ECA]

That screenshot is a photoshop anyway btw.

 

[MYstIC G]

http://www.theregister.co.uk/2011/11/13/steam_confirms_credit_card_database_attacked/

Onwards and upwards.