Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Steam hacked


  • Please log in to reply
22 replies to this topic

#1 lethalwire

lethalwire

    while(false){ ... }

  • Senior Member
  • PipPipPipPipPipPip
  • 766 posts
  • Programming Language:C, Java, PHP, JavaScript
  • Learning:PHP

Posted 07 November 2011 - 06:01 PM

Steam Forums Apparently Hacked

Suggestion: If your steam forum and steam account username/passwords are the same, I'd change them asap.

I don't understand why there weren't any emails sent out about this...
  • 0

#2 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts
  • Location:Vancouver, Eh! Cleverness: 200
  • Programming Language:C, C++, PHP, Assembly

Posted 07 November 2011 - 11:30 PM

I had changed my password the other day for another reason, finally had repaired a gaming computer to working condition and forgot my login.

Makes me think, they use vBulletin rather than a custom built forum, hopefully they report to vBulletin what had happened in case it may be an unknown exploit kit.
  • 0

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.


#3 lethalwire

lethalwire

    while(false){ ... }

  • Senior Member
  • PipPipPipPipPipPip
  • 766 posts
  • Programming Language:C, Java, PHP, JavaScript
  • Learning:PHP

Posted 10 November 2011 - 04:29 PM

Uh oh.... looks like it goes 'beyond' steam forum accounts...
Steam Users' Forums
  • 0

#4 mebob

mebob

    CC Devotee

  • Validating
  • PipPipPipPipPipPip
  • 467 posts
  • Programming Language:C, C++, Assembly
  • Learning:PHP

Posted 10 November 2011 - 06:38 PM

Wow, I'm definitely glad my I don't have any important info on file there
  • 0
Latinamne loqueris?

#5 RhetoricalRuvim

RhetoricalRuvim

    JavaScript Programmer

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1310 posts
  • Location:C:\Countries\US
  • Programming Language:C, Java, C++, PHP, Python, JavaScript

Posted 10 November 2011 - 09:27 PM

What is this Steam stuff all about?
  • 0

#6 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts
  • Location:Vancouver, Eh! Cleverness: 200
  • Programming Language:C, C++, PHP, Assembly

Posted 10 November 2011 - 10:39 PM

What is this Steam stuff all about?

A large digital game distribution platform, developed by Valve (hense the name).

It contains a lot of features for game management (updates, achievements, in-game chat) and most of the popular games out there and so it has a lot of people.
  • 0

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.


#7 rk0r

rk0r

    CC Regular

  • Member
  • PipPipPip
  • 27 posts

Posted 11 November 2011 - 07:27 AM

I would have thought being so inventive by making games and connecting the users together with their infrastructure Steam would have hired a private team of coders to secure their Forums \ Pen Testers for their servers. :pinguin:
  • 0

#8 RhetoricalRuvim

RhetoricalRuvim

    JavaScript Programmer

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1310 posts
  • Location:C:\Countries\US
  • Programming Language:C, Java, C++, PHP, Python, JavaScript

Posted 11 November 2011 - 01:25 PM

How does a forum get hacked?
  • 0

#9 rk0r

rk0r

    CC Regular

  • Member
  • PipPipPip
  • 27 posts

Posted 14 November 2011 - 12:17 AM

Exploited by SQL injection.
:D


How does a forum get hacked?


  • 0

#10 RhetoricalRuvim

RhetoricalRuvim

    JavaScript Programmer

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1310 posts
  • Location:C:\Countries\US
  • Programming Language:C, Java, C++, PHP, Python, JavaScript

Posted 14 November 2011 - 12:22 AM

So I guess server-side code should be more careful about what "values" it sends to the database.

* * *

I wonder if using files, instead of a database, would fix the problem. Like have all the names in one file, one name per line, and all the birthdays in another file, corresponding line number, etc.
  • 0

#11 wim DC

wim DC

    Roar

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 2681 posts
  • Programming Language:Java, JavaScript, PL/SQL
  • Learning:Python

Posted 14 November 2011 - 01:11 AM

I wonder if using files, instead of a database, would fix the problem. Like have all the names in one file, one name per line, and all the birthdays in another file, corresponding line number, etc.

Possibly, but it would never be worth all the extra work to go implement your system to work with files.
Not to mention the performance hit you're likely to get.
  • 0

#12 rk0r

rk0r

    CC Regular

  • Member
  • PipPipPip
  • 27 posts

Posted 14 November 2011 - 01:48 AM

One way to prevent this from happening again would be to air gap their online forums from the sensitive data. IMO companies should never hold personal details online i.e. CC# and address etc or even link it to an online forum.

Steam need to get their developers to write a new forum instead of using Vbulletin.
  • 0




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download