POST A COMMENT

34 Comments

Back to Article

  • SpartanJet - Thursday, November 10, 2011 - link

    Why didn't I see this before I pre purchased Elder Scrolls V. I would have went with the store version and broken ties with Steam altogether. Reply
  • sjael - Thursday, November 10, 2011 - link

    Just a FYI; Skyrim is a Steamworks game, and thus *must* be activated on Steam. Reply
  • SlyNine - Friday, November 11, 2011 - link

    Yea, but the issue is credit card theft. So big deal if you don't add a credit card. Reply
  • SlyNine - Friday, November 11, 2011 - link

    And knowing that, I just bought Skyrim on steam. Hope the encryption holds out. (Don't know much about their encryption but if its anywhere near AES128 good luck with that).

    Besides your card could be stolen by the clerk at the store just as easily, you should always monitor your account and challenge purchases that you didn't make, Duh.
    Reply
  • digitalzom.b - Friday, November 11, 2011 - link

    Well, I've been reading quite often that they actually use AES256, so I think we're good. Reply
  • kmmatney - Friday, November 11, 2011 - link

    Everytime you give your credit card to the waiter at a restaurant it's at risk. They just need to take a picture of the card with their phone, and they have the numbers. In Europe, the bring the credit card reader to the table at least. Reply
  • Ronakbhai - Saturday, November 12, 2011 - link

    Yeah, actually my brother went to a restaurant with a couple of his friends, and a few weeks later they all had large charges on their accounts from another state across the country. Reply
  • piroroadkill - Monday, November 14, 2011 - link

    AES256.

    http://i.imgur.com/UBi0S.png

    You don't need to save your credit card details on Steam either. Just uncheck the box each time that says "Save my details".
    Reply
  • Anonymous Blowhard - Monday, November 14, 2011 - link

    > actual response from GabeN

    Good Guy Gabe:
    - Makes Scrooge McDuck levels of money
    - Still responds to everyday Joes emailing him directly

    PCI DSS mandates some pretty serious guidelines around the storage of PAN and other payment card data.
    Reply
  • KoolAidMan1 - Thursday, November 10, 2011 - link

    Skyrim is a Steamworks game, you'd be using it whether or not you bought a physical copy Reply
  • therealnickdanger - Friday, November 11, 2011 - link

    ... not for Xbox. :) Reply
  • piroroadkill - Monday, November 14, 2011 - link

    But then you'd be using a gimped version, so.. swings and roundabouts... Reply
  • anactoraaron - Saturday, November 12, 2011 - link

    I had a very similar question:

    Why didn't I wait to see that Skyrim is just another poorly done console port before buying the game on Steam? I would have avoided getting this game on my PC and broken ties with Bethesda altogether.
    Reply
  • Proxy711 - Thursday, November 10, 2011 - link

    You make it sound like steam was down this whole time. the only thing that was hacked was the steam forums. You could play your games at all times during and after the attacks.

    I'm impressed it took this long for steam to have a legit attack get thought, you'd think because steam is such a huge network for gamers with a lot of money and CC info being exchanged they would have been targeted more. Shows Valve knows a lot more about network security then sony, since at least they had info encrypted where as sony had it sitting on a server as plain text lol.
    Reply
  • FaaR - Friday, November 11, 2011 - link

    They probably get targetted every single day, with most attacks - hopefully! - rebuffed... To think otherwise is probably giving humanity too much credit, because it's easier to steal from others than becoming successful through your own efforts. And like you say, lots of money flow through Steam, and the prospect of laying hands on tons of dough is a huge scum-magnet. Reply
  • mi1stormilst - Thursday, November 10, 2011 - link

    Valve has been hacked before ... let's not for get the whole Half Life 2 fiasco ... it is starting to feel like no one is safe anywhere using the internet. Reply
  • Paul Tarnowski - Thursday, November 10, 2011 - link

    What? You're figuring this out just now? Seriously? Reply
  • silverblue - Friday, November 11, 2011 - link

    Steam maintained that the only way someone can get access to your account was down to user carelessness. Funny how someone else got my credentials and it became my fault... and took them a month to sort it out. Hell, they were insistent on having the product key off the HL2 Silver box that I didn't have considering I downloaded it directly from them.

    /rant
    Reply
  • gevorg - Thursday, November 10, 2011 - link

    Hi Kids!

    Call your credit card company and change CC numbers.
    Reply
  • Proxy711 - Thursday, November 10, 2011 - link

    They got encrypted CC info so its not like they can just take that data and start buying mass amounts of porn. (*wonders why that's all anyone does with stolen CC numbers*)

    Use paypal for payments. I'd rather have 1 site know my CC info then 50 other online stores.
    Reply
  • imaheadcase - Friday, November 11, 2011 - link

    Paypal is terrible terrible company. Who uses them anymore is crazy.

    I've lost count of the people screwed over by them, and not just in the news, personal friends just because paypal did not like how the funds was obtained, or even used.

    I know someone who had ebay account CLOSED because someone gave bad feedback claiming the item was stolen, we are talking about 4 pairs of jeans for $10 each. They then closed paypal account with over $2k in it.
    Reply
  • B3an - Friday, November 11, 2011 - link

    WTF Proxy711? DONT use Paypal you tool. They have stolen money from me, and it wasn't a small amount. This is normal for them. Reply
  • Earthmonger - Friday, November 11, 2011 - link

    Even though Paypal is shady is some regards, this is why I use it. Steam doesn't have my CC info. The only thing I'm worried about here is spam email. I should have used one of my less important accounts. Reply
  • B3an - Friday, November 11, 2011 - link

    Cant beleive you think you're actually better off with Paypal than steam. What a joke. Not only have Paypal been breached before but they will take money off you, suspend your account, or not allow funds whenever they feel like it. They're thieves. Theres even multiple sites set up for people that have had Paypal steal from them. Reply
  • Rand - Friday, November 11, 2011 - link

    I had two attempts by some unknown person to log into my Steam account tonight, SteamGuard protected me but given the timing and the fact that no one else aside from myself knew my password it seems awfully likely that some account passwords have been successfully stolen.

    I strongly recommend changing your Steam account password if you haven't already.
    Reply
  • Syphadeus - Friday, November 11, 2011 - link

    You know what, in this day and age when consumers have to sign their lives away by agreeing to EULA and contractual aspects of Data Protection it seems completely unfair that there aren't harsher penalties for these companies. They take your data, important information and frankly they are not taking sufficient measures to protect it. "Sufficient" is a term in this industry that will change every day. As hackers become more advanced so to must the protection of said data in order to constitute being protected.

    So what happens? Does the company get fined? No. They just apologise, and to hell with the data that is stolen and whoever stole it. That's just not good enough. These companies should be independently audited on this criteria and if they fail, they should be legally forced into reviewing their security and and taking necessary remedial action.

    I don't give a damn that HL2 was stolen from them, but they should have learnt from that because they didn't half whine about it. They don't seem anywhere near as caring when the data stolen doesn't impact them in the same way. Disgraceful.
    Reply
  • piiman - Friday, November 11, 2011 - link

    Its virtually impossible to stop hacking. Steam at least has the info encrypted and salted so the chances of them actually being able to use it is slime to none. What gets me is they claim they didn't hack Steam but the forums yet they got a data base with account and cc info. So does Steam keep this info on there forums servers?? It seems obvious to me they did access Steam also.

    I think companies need to stop storing CC info and make us enter it EVERY TIME. I know it might be a pain but its much safer. At least give me the option to not store my CC info like some sites do.
    Reply
  • piroroadkill - Friday, November 11, 2011 - link

    You can on Steam. I never saved my data. Reply
  • piiman - Friday, November 11, 2011 - link

    really? I'll have to look harder. I know they only save one but I've never seen the do not save option. will look into it for sure. Thanks Reply
  • imaheadcase - Friday, November 11, 2011 - link

    Its not really a problem, the only problem with them getting the actual CC info is slim to none. However even if they did its still not a big deal, CC company will just cancel out the charges and send you a new one. Reply
  • piroroadkill - Friday, November 11, 2011 - link

    The only thing is, every single time you buy something, you have to uncheck "save my card details for future use".

    It's no big deal, but you have make sure you don't check it.
    Reply
  • Glibous - Friday, November 11, 2011 - link

    I think it's good that u have the option to save your information. If u enter your information everytime your just as much in risk of theft. So many people have crap virus protection and are at risk of key loggers. I trust a company that invests in security more then my own computer (even though I'm pretty knowledgable at staying secure).

    As for PayPal I use it knowing the risks. I don't use it for major purchases just videogames. I've never had a problem so far. Either way your at risk of theft just by different means.
    Reply
  • piiman - Friday, November 11, 2011 - link

    The problem is you don't know how much they invest in security, both time and $, until its too late. Reply
  • Glibous - Friday, November 11, 2011 - link

    I don't know dollar amounts but I know they invest more then I have and the common threats plaguing the internet don't really affect those companies. I have the "joy" of dealing with peoples systems all day and 85% of them are virus related. Rootkits, Trojans, Key loggers... Most of them have key loggers and other threats that can be used to cause alot of problems for them. It's definately a good idea to not save your credentials on any site because of the problems companies like Valve, Sony+++++, PayPal+++ have to deal with but theres no absolute safe alternatives. The best way is taking money out of an ATM and buying everything cash. Now you have to worry you don't get mugged. Lol it just never ends Reply

Log in

Don't have an account? Sign up now