Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Steam hacked

Started by lethalwire, Nov 07 2011 06:01 PM

Please log in to reply

22 replies to this topic

#1
lethalwire

Posted 07 November 2011 - 06:01 PM

while(false){ ... }

Members
748 posts

Programming Language:Java, PHP
Learning:Java, PHP

Steam Forums Apparently Hacked

Suggestion: If your steam forum and steam account username/passwords are the same, I'd change them asap.

I don't understand why there weren't any emails sent out about this...

#2
Alexander

Posted 07 November 2011 - 11:30 PM

It's Science!

Moderators
4,120 posts

Location:Vancouver, Eh! Cleverness: 200

I had changed my password the other day for another reason, finally had repaired a gaming computer to working condition and forgot my login.

Makes me think, they use vBulletin rather than a custom built forum, hopefully they report to vBulletin what had happened in case it may be an unknown exploit kit.

Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#3
lethalwire

Posted 10 November 2011 - 04:29 PM

while(false){ ... }

Members
748 posts

Programming Language:Java, PHP
Learning:Java, PHP

Uh oh.... looks like it goes 'beyond' steam forum accounts...
Steam Users' Forums

#4
mebob

Posted 10 November 2011 - 06:38 PM

Programming Expert

Members
490 posts

Wow, I'm definitely glad my I don't have any important info on file there

Latinamne loqueris?

#5
RhetoricalRuvim

Posted 10 November 2011 - 09:27 PM

JavaScript Programmer

Members
1,254 posts

Location:C:\Countries\US

What is this Steam stuff all about?

#6
Alexander

Posted 10 November 2011 - 10:39 PM

It's Science!

Moderators
4,120 posts

Location:Vancouver, Eh! Cleverness: 200

RhetoricalRuvim said:

What is this Steam stuff all about?

A large digital game distribution platform, developed by Valve (hense the name).

It contains a lot of features for game management (updates, achievements, in-game chat) and most of the popular games out there and so it has a lot of people.

Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#7
rk0r

Posted 11 November 2011 - 07:27 AM

Newbie

Members
20 posts

I would have thought being so inventive by making games and connecting the users together with their infrastructure Steam would have hired a private team of coders to secure their Forums \ Pen Testers for their servers. :pinguin:

#8
RhetoricalRuvim

Posted 11 November 2011 - 01:25 PM

JavaScript Programmer

Members
1,254 posts

Location:C:\Countries\US

How does a forum get hacked?

#9
rk0r

Posted 14 November 2011 - 12:17 AM

Newbie

Members
20 posts

Exploited by SQL injection.
:D

RhetoricalRuvim said:

How does a forum get hacked?

#10
RhetoricalRuvim

Posted 14 November 2011 - 12:22 AM

JavaScript Programmer

Members
1,254 posts

Location:C:\Countries\US

So I guess server-side code should be more careful about what "values" it sends to the database.

* * *

I wonder if using files, instead of a database, would fix the problem. Like have all the names in one file, one name per line, and all the birthdays in another file, corresponding line number, etc.

#11
wim DC

Posted 14 November 2011 - 01:11 AM

Writes binary right handed and hex left handed

Members
2,084 posts

Programming Language:Java, JavaScript, PL/SQL
Learning:Java

RhetoricalRuvim said:

I wonder if using files, instead of a database, would fix the problem. Like have all the names in one file, one name per line, and all the birthdays in another file, corresponding line number, etc.

Possibly, but it would never be worth all the extra work to go implement your system to work with files.
Not to mention the performance hit you're likely to get.

#12
rk0r

Posted 14 November 2011 - 01:48 AM

Newbie

Members
20 posts

One way to prevent this from happening again would be to air gap their online forums from the sensitive data. IMO companies should never hold personal details online i.e. CC# and address etc or even link it to an online forum.

Steam need to get their developers to write a new forum instead of using Vbulletin.