Steam not hacked, third party Cyber Cafe server compromised

Author: Joe Martin
Published: 19th April 2007
Comments (46) Stumble
Steam not hacked, third party Cyber Cafe server compromised

A lone hacker has stolen credit card information from Valve's customer database. Physics gun not used.

Update:

1UP has had the chance to talk to Valve software's Doug Lombardi about the so-called breach. He says that "There has been no security breach of Steam, the alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com."

This should hopefully reassure any end users worried that their credit card information has been compromised. However, if you're a Cyber Café owner and haven't already cancelled your credit card -- get onto your bank as soon as possible.

-- Tim

the story remains in its original form below

Valve may be in a spot of bother, Daily Tech reported yesterday, after a hacker has managed to infiltrate their financial records.

The hacker, who goes by the alias of 'MaddoxX', managed to access not only Valve's financial information, but also the credit card information of an unknown number of Steam customers as well as error logs and a partial listing of Valve's Cafe directory.

MaddoxX has announced that on top of this that he "has shell access everywhere". He has also posted a list of login details so that other hackers can create fake Cafe certificates.

Although neither Valve nor MaddoxX have announced how much credit card information was stolen, it's strongly suggested that all Steam users keep an eye on their accounts for a while.

MaddoxX is now apparently holding Valve to ransom, demanding in emails that the company offer him "something good" or he will release all information he has. This would include putting all of the credit card information into a spreadsheet that he would distribute.

If you think you might be affected by this hack, or if you just savour a chance to rub Valve's nose in it, then why not join us down in the forum and let us know!
Quote pendragon 19th April 2007, 18:10
<fyi>the discussion link at the bottom of the article is busted </fyi>

Yikes! I'm glad I havent bought anything through Steam!
Quote bahgger 19th April 2007, 18:13
That's pretty crap :/
Quote ozstrike 19th April 2007, 18:13
I would not only keep an eye on steam accounts, but on credit card spending too. Check your bills :)
Quote Mosey 19th April 2007, 18:13
Uh oh, i wish i was in the same boat as you pendragon...

This better get resolved quickly.
Quote Jamie 19th April 2007, 18:17
Quote:
Originally Posted by pendragon
<fyi>the discussion link at the bottom of the article is busted </fyi>

Fixed ;)
Quote DougEdey 19th April 2007, 18:21
I think it was Tad or Nexxo that said they only use paypal with places they don't trust.

That's why I only bought one thing via steam and even that stuffed up!
Quote Burnout21 19th April 2007, 18:25
i cant believe that this has happened, i think the sh*t has hit the fan!!!!

i hope valve dont give in with the **** of a hacker, because he can just realse the info he has already.

i am so happy that i purchase over the counter, and dont own a cerdit card!
Quote pendragon 19th April 2007, 18:29
i was reading the comments on the dailytech's report and some of the posters say this dude's profile is a 22 y/o russian... somehow I'm not sure he'll get caught :-/
Quote Duste 19th April 2007, 18:34
Quote:
Originally Posted by pendragon
i was reading the comments on the dailytech's report and some of the posters say this dude's profile is a 22 y/o russian... somehow I'm not sure he'll get caught :-/

Russian, eh? Maybe this "something good" he's looking for is just a bottle of Vodka. God damn Russians, lol. :D
Quote BioSniper 19th April 2007, 19:05
Right, time to call the card company and get my card replaced then.
Quote bjrcboy 19th April 2007, 19:07
Quote:
Originally Posted by Duste
Russian, eh? Maybe this "something good" he's looking for is just a bottle of Vodka. God damn Russians, lol. :D

Lol i dated a russian and her father always had atleast 5 bottles and a handle of vodka around.

That sucks but i wonder how to get these cafe certificates?! lol....
Quote Tyinsar 19th April 2007, 19:09
Quote:
Originally Posted by pendragon
Yikes! I'm glad I havent bought anything through Steam!
Same here, I had thought of it but...
Quote:
Originally Posted by DougEdey
I think it was Tad or Nexxo that said they only use paypal with places they don't trust.
...
That's a great plan, if I had a paypal account, and if they don't get hacked.

I'm guessing he gets caught - then hired *#%&@! :(
Quote jakenbake 19th April 2007, 19:21
well, when steam can't even get 'friends' or 'favorites' to work properly, what did you honestly expect.
Quote Major 19th April 2007, 19:38
LOL, One of the funniest things I have heard today.
Quote g3n3tiX 19th April 2007, 19:48
@ jakenbake
Friends works flawlessly for me, as well as Favorites.
They have been revamped recently.

I hope the CC info only is for cyber cafes, because I think Steam only knows the last 4 digits of credit cards numbers: if I want to buy a new game I have to retype the number.
I used my FATHER's credit card, telling him it was secure, and now this happens... bugger.
Quote bluep3ace 19th April 2007, 20:02
i'm glad i haven't bought games off steam. ati vouchers ***!
i got mine when they were still around before hl2 came out.
Quote AndyFielder 19th April 2007, 20:54
Im so screwed, i have every game on there pretty much.. (bit of a steam addict :()...bollox, what should i do to protect myself??

Andy
Quote Veles 19th April 2007, 21:05
Oh bugger, bought a couple of things off there, well not me personally, but my dad and my gf's mum when you were forced to pay by credit card.
Quote nphekted 19th April 2007, 21:09
He definitely hacked the webserver and an internal fileserver, but as of yet there's absolutely no proof that he really has financial records.

I wouldn't get too worried yet.
Quote sam.g.taylor 19th April 2007, 21:31
I don't know if this has already been done, but it (with a little more drama and explosions) could make for a good movie.
Quote stevie1556 19th April 2007, 21:44
I've just recently got my new credit card thought, and it's a pre pay one. I only use that card when I buy stuff online, and my bank card and proper credit card only get used in shops.

If people are interested, www.mycashplus.co.uk I think is the site. At least if someone gets hold of your card details, they can only spend what little you keep on that card (normally I keep about £50 at a time on it).

It has taken a fair while for the Steam servers to be well and truely hacked, so I think they did a pretty good job of keeping them faily secure.
Quote Nature 19th April 2007, 22:01
That's great news to me. Steam is awwwwwwwwwww-ful.
Quote speedfreek 19th April 2007, 22:05
Months since I bought anything through them, and on an old debit/credit card too.

Something good could be anything, mabey he is trying to get ep 2 released earlier.
Quote ozstrike 19th April 2007, 22:23
Quote:
Originally Posted by DougEdey
I think it was Tad or Nexxo that said they only use paypal with places they don't trust.

That's why I only bought one thing via steam and even that stuffed up!

I trusted Valve. It's a huge company, you expect them to have decent security.
Quote L2wis 19th April 2007, 22:27
lol some of the comments in this thread are brilliant :) No matter how secure a server is there is always one way in. Plus if it's an ex-employee (quite a high percentage of hacking is caused by ex-exployee's) he's going to know valve's system inside out and wudda made sure there was an open route after he left... Who knows it could be a just hoax.
Quote pendragon 19th April 2007, 22:31
heads up, folks

Steam wasnt hacked, just Cyber Cafe stuff

also, here
Quote Aankhen 19th April 2007, 22:54
Quote:
Originally Posted by Nature
That's great news to me. Steam is awwwwwwwwwww-ful.
I don't like Steam, but frankly, I don't see how the heck that can be "great news" to you. It's "great news" that millions of people's credit card numbers were (allegedly) stolen? How messed up are you? As a reluctant Steam user myself, I have to say I find your comment extremely offensive.
Quote zhangmaster12 20th April 2007, 00:19
ok good. wasnmt hacked. its just cyber cafe stuff. thats not too big a deal.

i like steam, they are easy and no shipping/tax charges : )
Quote Nature 20th April 2007, 02:07
Quote:
Originally Posted by Aankhen
I don't like Steam, but frankly, I don't see how the heck that can be "great news" to you. It's "great news" that millions of people's credit card numbers were (allegedly) stolen? How messed up are you? As a reluctant Steam user myself, I have to say I find your comment extremely offensive.


Excuse me for enjoying acts of anarchy.

No one will die or get hurt, at most The credit card #'s will be distributed to those who can exploit them. I would assume the Credit companies have counter measures fr such situations.

I've lived in many places on the planet where Steam is innaccessable, and therefore my favortie games were inaccessable. I've had stolen or lost 3 steam accounts! I Like my games as property, not just as a # on some server that anyone (obviously) can hack and steal. The old way worked fine as CD's and DVD's.

Now steam will change in two ways: 1. Secuirity of accounts will be "safer". 2. Complaints stated by Half Life, CS, and users of steam will taken with greater attention.

"Maddox's" intentions don't look like a thief's, but rahter someone passionate about their games.
Quote Aankhen 20th April 2007, 03:47
Quote:
Originally Posted by Nature
Excuse me for enjoying acts of anarchy.
"acts of anarchy"? Breaking into a server to gain access to credit card numbers is not some sort of heroic "act of anarchy". It's theft.
Quote:
No one will die or get hurt, at most The credit card #'s will be distributed to those who can exploit them. I would assume the Credit companies have counter measures fr such situations.
That is an incredibly naïve view. Don't make assumptions.
Quote:
I've lived in many places on the planet where Steam is innaccessable, and therefore my favortie games were inaccessable. I've had stolen or lost 3 steam accounts! I Like my games as property, not just as a # on some server that anyone (obviously) can hack and steal. The old way worked fine as CD's and DVD's.
…so boycott Steam.
Quote:
Now steam will change in two ways: 1. Secuirity of accounts will be "safer". 2. Complaints stated by Half Life, CS, and users of steam will taken with greater attention.
Can't argue with the first point. The second point is completely illogical. The security of Steam as a service has nothing to do with whether Valve pays attention to user complaints.
Quote:
"Maddox's" intentions don't look like a thief's, but rahter someone passionate about their games.
Repeat after me: the end does not justify the means.
Quote zndkwin 20th April 2007, 03:55
Quote:
Originally Posted by Aankhen
"acts of anarchy"? Breaking into a server to gain access to credit card numbers is not some sort of heroic "act of anarchy". It's theft.

That is an incredibly naïve view. Don't make assumptions.

…so boycott Steam.

Can't argue with the first point. The second point is completely illogical. The security of Steam as a service has nothing to do with whether Valve pays attention to user complaints.

Repeat after me: the end does not justify the means.


Repeat after me: the end does not justify the means

Tell that to w bush
Quote mattthegamer463 20th April 2007, 04:59
If only I hadn't have bought Garry's Mod 10 off steam, then I wouldn't have to worry about this!


PS I don't regret it. :) Best $10 I ever spent.
Quote Overboardkiller 20th April 2007, 08:00
I don't know if this will get deleted from this forum but .....
http://72.14.253.104/search?q=cache:s_RnckPD3CUJ:emp.damage-web.net/viewtopic.php%3Fp%3D62590+MaddoxX%40no-steam.org&hl=en&ct=clnk&cd=1&client=opera
Thank god for Google Cache :)
Quote [USRF]Obiwan 20th April 2007, 09:18
the most funny thing is, that i have read on numurous forums and news sites comments and made a compilation of it:


That the guy is a: rusian, france, polish, american, isreal, dutch, german belgian, english, ukrain person and that alot of people know someone that knows him personaly...
And he is a: radical, relegios, antigamer, idiotic, sociopathic, loving, appreciated, awesome, godlike, frustrated, crazy, mad, nuts, crackedup, dope, hacker, cracker, coder, noob, 1337, wanabe, gamer, scriptkiddy...
That wants nothing more then: Bring down valve, steam, games, creditcard companies, your/them/their creditcard info, your/their/them money,blame someone/something, freck other gamers, money, spread fear, fame, selfenrichment, rule, proof to someone/something, a girl, and other weird stuff and speculations...

:?
Quote dire_wolf 20th April 2007, 11:14
mmm guys, don't know if you've realised this, but it's only the people that are part of the cyber cafe reccuring payments program that are affected, normal users that have purchased games through steam aren't affected, so there's no need to gets cards replaced etc.

Also, i'm pretty sure that it isn't legal for any company to store your card details once the transaction has cleared. (well apart from the last few digits of the main strip number for cross referencing puropses)


Also, how sloppy is that guy lol, bound to get busted any moment
Quote Boswell 20th April 2007, 11:38
A quote from a steamreview.org poster:

"We are a cyber cafe member of valve. I can verify this theft as well as also make some corrections. The account information was stolen many weeks ago, in late March. It wasn’t until Easter that the hacker contacted some of the cafe owners to show them and released the information. Also, Valve has NOT made any attempt to contact the cafe owners affected and continual has been caught with contradicting responses when questioned by us.

Valve chose not to contact those at risk and still has yet to do so. The cafe owners who are a part of igames.org (a popular cyber cafe ownership program) found out about this and we are furious. I contacted Doug at Valve myself and was told “We aren’t required by law to inform you of your information being stolen”."
Quote Redbeaver 20th April 2007, 16:35
Quote:
Originally Posted by zndkwin
Repeat after me: the end does not justify the means

Tell that to w bush


oooooooo......... BURNED!!!!

hahaha...

nobody's gonna get hurt from loosing their creditcard number - incredibly naive point of view, eh?

with the exception of somebody's truly depressed with his financial got hacked for $1,000,000 and decided to do something stupid....

99% stolen money from creditcard theft/fraud is usually buffered by the bank, meaning the owner will get into a bit of a hassle, but the bank's usually the one that gotta do the big paperwork to pull the money out of insurance or their own pocket.... and thats it.

maybe people watch Swordfish too many times........
Quote Nature 20th April 2007, 16:59
Quote:
Originally Posted by Aankhen
"acts of anarchy"? Breaking into a server to gain access to credit card numbers is not some sort of heroic "act of anarchy". It's theft.

That is an incredibly naïve view. Don't make assumptions.

…so boycott Steam.

Can't argue with the first point. The second point is completely illogical. The security of Steam as a service has nothing to do with whether Valve pays attention to user complaints.

Repeat after me: the end does not justify the means.

1.Nothing has been stolen, only flaunted at this time. How is it theft if nothing has been stolen???????????????? HOW??? HOW????!!!!!!!!!!

2.It's not an assumption, all credit card companies have counter measures and are completly reliable for the theft and/or the business trafficing the info.

3. Boycott? And not play the games I find entertaining and spectacular? Not play the games I've been playing since I was 17?

4. zndkwin said it best...

5. Very funny ObiWan :D This Maddox guy has found Geek stardom with all this gossip!
Quote DougEdey 20th April 2007, 17:57
Nature: The "person" actually published a list of credit card numbers, *someone* dumped a load in this thread and was promptly banned.
Quote Tyinsar 20th April 2007, 17:59
Quote:
Originally Posted by Redbeaver
...
nobody's gonna get hurt from loosing their creditcard number - incredibly naive point of view, eh?
...
Yes it is. Banks & credit card companies can be incredibly stupid about credit histories - ask anyone who's ever been a victim of identity theft. Even if you prove it wasn't you, some have found that they have to keep proving that over and over and over. >:(
Quote zero0ne 20th April 2007, 18:34
Quote:
Originally Posted by g3n3tiX
@ jakenbake
Friends works flawlessly for me, as well as Favorites.
They have been revamped recently.

I hope the CC info only is for cyber cafes, because I think Steam only knows the last 4 digits of credit cards numbers: if I want to buy a new game I have to retype the number.
I used my FATHER's credit card, telling him it was secure, and now this happens... bugger.

I am pretty sure valve (STEAM) does CC payments on their own. IE they don't 3rd party that stuff.

This means that they would HAVE to keep all the information locked up somewhere be it for logs and for the transaction in the first place (though for one time transactions, they may not save anything once it gets passed through)

but the CC numbers are DEFINITELY stored for cybercafe accounts since its a recurring bill

I also hate how they say that the cybercafe accounts get EVERYTHING, because im looking at a cybercafe steam account right now, and i cant get access to half the games...

(some new ones arent showing up on the list, but when i go to purchase the game, it says i already own it... WTF?)
Quote zero0ne 20th April 2007, 18:38
Quote:
Originally Posted by Nature
Excuse me for enjoying acts of anarchy.

No one will die or get hurt, at most The credit card #'s will be distributed to those who can exploit them. I would assume the Credit companies have counter measures fr such situations.

I've lived in many places on the planet where Steam is innaccessable, and therefore my favortie games were inaccessable. I've had stolen or lost 3 steam accounts! I Like my games as property, not just as a # on some server that anyone (obviously) can hack and steal. The old way worked fine as CD's and DVD's.

Now steam will change in two ways: 1. Secuirity of accounts will be "safer". 2. Complaints stated by Half Life, CS, and users of steam will taken with greater attention.

"Maddox's" intentions don't look like a thief's, but rahter someone passionate about their games.


I don't know how you can talk about steam so negatively...

The concept is rock solid, and the current implementation of it is always evolving and getting better.

people bitch and moan about their games not working because they dont have the internet yadda yadda, but then you want companies to also lower the retail prices ???

Steam could be used to cut out the middle man completely, no boxes to make, no paper manuals to print, and no CDs to press. eventually it will allow for games to be cheaper.

Also, all of steams non MP games can be played without an internet connection, you just need to be able to connect ONCE to tell it you want to run these games in offline mode from now on...

I also think that this may already happen in the background when it detects that its offline.
Quote z3rb 20th April 2007, 22:46
http://forums.facepunchstudios.com/showthread.php?p=5290364#post5290364

less than three Garry
Quote Aankhen 20th April 2007, 23:28
Quote:
Originally Posted by Nature
1.Nothing has been stolen, only flaunted at this time. How is it theft if nothing has been stolen???????????????? HOW??? HOW????!!!!!!!!!!

2.It's not an assumption, all credit card companies have counter measures and are completly reliable for the theft and/or the business trafficing the info.
I'll ignore these since they've been amply answered by others. :)
Quote:
3. Boycott? And not play the games I find entertaining and spectacular? Not play the games I've been playing since I was 17?
Then quit whining. When you buy those games (whether from Steam or at retail) and play them through Steam, you're supporting Steam.
Quote:
4. zndkwin said it best...
I'm not sure what zndkwin's quote has to do with what I said. All that post said was "tell that to w bush", which was presumably meant to be funny.
Quote:
5. Very funny ObiWan :D This Maddox guy has found Geek stardom with all this gossip!
Indeed. Perhaps that was the ultimate end, eh? ;)
Quote zndkwin 21st April 2007, 00:29
No, it wasn't meant to be funny. I was dead serious.
Quote f00dl3 25th April 2007, 14:31
Any system that is capable of storing purchase history and credit card numbers like Steam is something that can be hacked. It's not a matter of if, but when. There are probably numerous other incidents that occur that they place a gag order on before we even hear about it.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.







Mobile Phones

LG Arena ReviewHTC Magic Review

Compare over 250 mobile phones &
52,000 deals!



Broadband

Mobile Broadband

Compare over 100 broadband & mobile broadband deals online!