The Steam Review

Comment and discussion on Valve Software’s digital communications platform.

Cybercafe card details stolen

No danger to other customers :: April 19th, 2007 :: Events, Valve :: 139 Responses (Feed)

You may by now have heard that “Steam” was broken into a week and a half ago and “consumer” credit card details stolen. As the quote marks suggest the breach has been played up by those behind it, whose exaggerations have been somewhat naively passed on by a number of big sites today. In actuality:

  • Steam was not compromised, only a regular Valve file server. In fact according to Valve it was a “third-party site” — though what sort of third party stores the sum in their corporate account I don’t know.
  • Consumer credit card information has not been stolen. The numbers in danger are all held by cybercafe owners, who have recurring subscriptions to their Steam games and have probably all long been informed (or not?). Consumer data are only stored in enough detail to fight mass fraud, not make purchases, and weren’t compromised anyway. Paying at a cafe does not put your card at risk.

All this will certainly make sure that when consumer subscriptions do arrive (as they will with Pirates of the Burning Sea) they’ll be properly secured, but given that it isn’t really a Steam issue there’s not much more for me to talk about. If you see anyone worrying, send them here!

Update: Valve’s statement, from 1UP:

There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at catch_a_thief@valvesoftware.com.


139 Responses to this post:

31 Comments

  1. Krosserdog Says:

    Thanks, this makes me feel a bunch better. I’ve only made on purchase on Steam and I can’t remember if it was with my (currently expired) old creditcard or with my new one (which I also got around the time of purchase).

  2. Zips Says:

    That’s rather absurd you’re going ahead and posting these as facts without so much as a source cited or a link.

  3. some one Says:

    Zip you cant talk.You posted your own article over at csnation.. Digg is a reliable source now is it?

    Think not.

  4. freddy bob Says:

    zips, more fact than you can ever pull out of your ass

  5. Zips Says:

    Zip you cant talk.You posted your own article over at csnation.. Digg is a reliable source now is it?

    Think not.

    The Digg article at least linked to something far more tangible than this junk. Come on Varsity, where’s your source? Hm?

    Freddy Bob: Sorry you feel that way, but as it stands, I’ve had far more fact in my reporting of this than Varsity has. There are at least SOURCES for mine. Until Varsity comes up with something, he’s got nothing.

  6. freddy bob Says:

    You are playing a game of the lesser of two evils, you deem Varsity’s report to be factless yet you personally have barely any more information. One digg article doesn’t make your csnation article justified in any way.

  7. Zips Says:

    You are playing a game of the lesser of two evils, you deem Varsity’s report to be factless yet you personally have barely any more information. One digg article doesn’t make your csnation article justified in any way.

    The Digg article links directly to the site in question that has all of the information posted. I’d say that’s quite justified compared to a non-source news post like this.

  8. someone else Says:

    Since Valve hasn’t made a comment on this quite yet, and since the only first-hand information we have is from the hacker, who is likely to serve his own interests through embellishment and misinformation, and since attacking another web journalist’s methods when your own methods suffer an equal amount, how ’bout we discontinue the derailment of this post and simply acknowledge that not all of the facts of this matter are currently verifiable.

  9. chickie pie Says:

    The Digg article links directly to the site in question that has all of the information posted. I’d say that’s quite justified compared to a non-source news post like this.

    yes ok but you say in your news posting that you wont link to the site in question, you say here that the site in question is the source you’re pointing people to.

    ===============================================
    According to at least one website, it seems as though Valve may have been the victim of a hack attempt. This hacking, if this is indeed all true, came away with information regarding Valve’s financial records, Cyber Cafe account information, the multi-core tech demos, and the real kicker, customer’s credit card information.

    I’ve been unable to get a reply back about this from Valve to verify the validity of any of this, and I honestly doubt most website will hear back about this sort of matter. So, for the time being, take this news with a grain of salt. The originating link of the site this news comes from will not be linked here for several reasons. However, I learned of this through a submission on Digg if you want to take a look around there. If you feel the need to comment on this, I ask that you do not link to the site in any of your comments.
    =============================================

    evenif if it is a valid source the csnation news item reads like “valve may have been hacked, we dont know if its true, we dont know what really happened either so for the time being take this information with a grain of salt” and if thats how news should be reported then god help us all

    but yes i agree with u if ur not going to back up what ur saying in a post here then why say anything at all

  10. Tom Edwards Says:

    Come on Varsity, where’s your source? Hm?

    I’m not linking to the thing. If I was going to do that I may as well have posted this ten days ago when I and others started getting e-mails about it — and I didn’t then because just as now attention only encourages these people. The link would have contained confidential data too (edit: as I see you already understand).

    If you’ve looked at the package or even just its a list of its contents, and apply a bit of logic, this stuff is all pretty obvious.

  11. Ryno5660 Says:

    Well…I used a card to by gmod 10 in early ’07…Are they telling me that i’ve been fucked over because their wall just isn’t high enough?

  12. hahnchen Says:

    This guy is not going to get caught unless someone sells him out. I doubt he’ll fall for the same honeytrap as the HL2 source code guy.

  13. Zips Says:

    I’m not linking to the thing. If I was going to do that I may as well have posted this ten days ago when I and others started getting e-mails about it — and I didn’t then because just as now attention only encourages these people. The link would have contained confidential data too (edit: as I see you already understand).

    If you’ve looked at the package or even just its a list of its contents, and apply a bit of logic, this stuff is all pretty obvious.

    I’ve seen the list of contents, it’s only displayed everywhere on the Internet now, but nowhere do any of those lists say the scope limitation of “customer’s credit card” information, now does it? No. Certainly not unless you downloaded the content yourself, right?

    As I had no intentions of doing that, though you seem like you might have, I was going based on what was clearly read from the originating site and other “similar” sites along the same vein.

    And no, attention to something of this nature leads to the actual truth being revealed, which Valve did in talking to 1up, not hiding it and pretending like it doesn’t happen while user’s private information is at stake. Quite amazing how long it took Valve to actually come forth with some statement, no? I think so, especially after this went very public.

    Oh, and for future reference, I applaud you on not actually linking to your source that contains all of this information, however in the future you may want to mention what your source type is instead of making it look like you pulled your information out of thin air.

  14. Joe Says:

    Protecting the confidentiality of sources that may not wish to be named is a standard journalistic practice, so stop getting all Holier-than-thou about it.

  15. Zips Says:

    Protecting the confidentiality of sources that may not wish to be named is a standard journalistic practice, so stop getting all Holier-than-thou about it.

    I wasn’t asking for specifics. Read next time.

  16. someone else Says:

    He was right about the holier-than-thou part though. Next time you want to rebuke a fellow web-journalist, perhaps doing it privately will make you look less pompous and self-aggrandizing.

  17. Starblazer Says:

    They did not inform us until we pressured them into telling us what happened.

    This coming from someone who has paid VALVe for 4 years. (That’s $19,200) to allow my customers to play STEAM and any CS game legally.

  18. hahnchen Says:

    Linking to digg = Pulled out of thin air = Heard off a scouser in a pub

    Let’s not even pretend that it isn’t. Although you could have done the *RUMOUR* warning thing which seems to be the de-facto blog standard.

    Still it’s all pretty moot now being that Valve has croaked.

  19. JerRatt Computers Says:

    We are a cyber cafe member of valve. I can verify this theft as well as also make some corrections. The account information was stolen many weeks ago, in late March. It wasn’t until Easter that the hacker contacted some of the cafe owners to show them and released the information. Also, Valve has NOT made any attempt to contact the cafe owners affected and continual has been caught with contradicting responses when questioned by us.

    Valve chose not to contact those at risk and still has yet to do so. The cafe owners who are a part of igames.org (a popular cyber cafe ownership program) found out about this and we are furious. I contacted Doug at Valve myself and was told “We aren’t required by law to inform you of your information being stolen”.

  20. Status Quo Says:

    Well,

    Regardless of the scope and impact of this issue, questions surrounding who’s been informed/not informed and we’re it all goes from here; this exercise has demonstrated one clear and consistent stand out.

    Zips, you always were – and remain to be a bullying, abusive fuckwit.

  21. Krintin Says:

    Protecting the confidentiality of sources that may not wish to be named is a standard journalistic practice, so stop getting all Holier-than-thou about it.

    Valve to actually come forth with some statement, no? I think so, especially after this went very public.

    somthing not quite right…..why did valve choose Darren Gladstone from 1up to go public(if you could count that as going public)…and if the above is correct then they are too gutless to publish it on their own page(if they have they’ve done a good job of hiding it)….somthing would be good in their “STEAM NEWS” section….obvoiusly this isnt steam news….hmmmmm I wonder why?
    Mabie the in-game ad’s concept may have sparked some rage with the hacker….it would be good if that was the reason cuz mabie they’d think twice about selling out….goodbye Counter Strike, its been fun.

  22. valvercheatersandliers Says:

    somthing not quite right…..why did valve choose Darren Gladstone from 1up to go public(if you could count that as going public)…and if the above is correct then they are too gutless to publish it on their own page(if they have they’ve done a good job of hiding it)….somthing would be good in their “STEAM NEWS” section….obvoiusly this isnt steam news….hmmmmm I wonder why?
    Mabie the in-game ad’s concept may have sparked some rage with the hacker….it would be good if that was the reason cuz mabie they’d think twice about selling out….goodbye Counter Strike, its been fun.

    lol yeah your right they are gutless and whats so special about 1UP
    The release of “Infernal” on steam seems to be bigger news at the moment.
    Would anyone buy it now knowing one of their servers has been hacked?
    If Maddoxx has gotten into 1 of them its possable he can get into all of their servers or already has.

    He’s obviously got more info and done more than what he says he has but not telling the public so he can just take them up the back without anyone knowing.

    9million$, thats probebly just one of their 9 million bank accounts.or just the one dedicated to the bosses weekly pay check

    well no more steam for me especially if we’re gonna be getting the ads in the game

  23. loldudes Says:

    I bet they aint going to do shit against this hacker.. he has been around for more then 3 years and pirated all their games so far.. this time he pushed them… valve doesnt even have info on this guy they setup an email to gather information LOL thats just pathetic I mean come on.. I find 1000+ people with the same nickname MaddoxX or Maddox

  24. Tom Edwards Says:

    nowhere do any of those lists say the scope limitation of “customer’s credit card” information, now does it? No.

    It says nothing, which is why we must use a bit of intuition instead. Are you going to argue against my reasoning?

    And no, I haven’t downloaded it.

    If Maddoxx has gotten into 1 of them its possable he can get into all of their servers or already has.

    It doesn’t work like that.

    I mean come on.. I find 1000+ people with the same nickname MaddoxX or Maddox

    Nor like that.

  25. Tom Edwards Says:
  26. nikomo Says:

    Sigh, like I didn’t see this coming ages ago, if it’s connected to Internet, it’s not safe.

    Also Zips, unban me at steampowered, rawr.

  27. george_bush_fr Says:

    is there people who thinks that the hacker is “inside” valve corp ?
    my idea is : one gained access to the “main pc” from the valve intranet . as steam has a lot of traffic with a huge number of ips : servers and players [ 1 mn stat for steam page_stats ] , same personn from valve hacked emporio website to declare the ccard … , nice try to fool the “police” on the bad road 8] ……..

  28. Al3xand3r Says:

    Dur, even if you don’t know the exact content of the files it is very clear that they were aquired illegally and that the public isn’t meant to have them as they were provided as proof of the hack. Therefor, it was the smart thing to do, not providing a link to places that offer illegal content. On the other hand, it was also the smart thing to do, to inform people of the potential breach. I did the same thing on my site, though I explained myself thinking there may be people like you around Zips:
    http://www.mod-hq.com/index.php?page=news&article=370

    Also, I later found out they didn’t “pick 1UP” to unveil this, the message was posted on the steampowered forums, I only credited 1UP because it was the right thing to do as I saw it there first.

    Sorry for being late to respond to this crap with my view, I love this site, I just don’t have that much time these days.

  29. Loyst Says:

    I have buy game on steam. Is my credit card details stolen. Please pm to my email steam.

  30. Mike Says:

    Thanks for the Info. Never looked at my cc

  31. Tona Says:

    Haha ^^ nice, is there a section to follow the RSS feed

108 Trackbacks/Pings

  1. changing my creditcard a problem? - Steam Users Forums
  2. cdg.net :: View topic - VALVe: "Oh snap, we got hacked"
  3. Rumor: Valve Hacked, CC Numbers Stolen - Kotaku
  4. Peliplaneetta.net :: Keskustelut :: Yleistä asiaa :: Hakkeri Valvessa!
  5. ComputerBase - Steam gehackt, Kreditkartendaten gestohlen?
  6. Rumor: Valve Hacked, CC Numbers Stolen - Kotaku
  7. StarDestroyer.Net BBS :: View topic - Steam might be hacked keep a eye out on the CC
  8. Octopus Overlords :: View topic - STEAM hacked...checked your credit card statement lately?
  9. Steam-Database gehackt? - counter-strike.de
  10. DailyTech: STEAM Hacked, User Credit Cards May be at Risk - Sharky Forums
  11. Steam Hacked? (Updated) - Shacknews
  12. FZ :: Tråd :: Steam möjligen hackat
  13. Valve/Steam: So do I cancel/change my credit card? - Page 2 - Quarter To Three Forums
  14. Santa Barbara Video Game Club :: View topic - Valve's Steam service hacked, credit card info obtained
  15. PC Games Online - News: Steam wurde angeblich gehackt
  16. Gameguru Mania - Gaming, Software, Hardware and Technology News
  17. Steam's Cybercafe shit hacked - Facepunch Studios
  18. Valve hacked again? - Mod DB Forums
  19. Valve hacked, Credit Card numbers may be released - Page 2 - Firearms: Source
  20. bit-tech.net Forums - Steam hacked, credit card info stolen
  21. Valve got hacked ? - THESGL.COM
  22. VALVe held hostage - Eon Blue Apocalypse - A Gaming Community
  23. Unreal Playground Forums - STEAM hacked. watch your credit card statements.
  24. TWHL: Half-Life WorldCraft / Hammer Mapping Tutorials and Resources
  25. Halflife[2].nu v4 | NYHETER | Valve hackat & kontoinfo lckt
  26. Half-Life hacker hods Valve to ransom - Page 2 - Rage3D Discussion Area
  27. Elite Bastards - View topic - Steam hacked - User credit cards at risk? - We find it offensive that you find it offensive.
  28. The KrackHouse Forums - Valve has been hacked!
  29. Valve Allegedly Hacked - [Evil-Inc.] - Evil Incorporated!
  30. Valve's Steam Servers Hacked. Credit Card Information Accessed.
  31. Interlopers.net // View topic - Valve got hacked...
  32. Edge Gamers Organization: Forums / General Discussion / Valve Hacked, Credit Card Info Stolen
  33. Wing Walkers (virtual) Combat Squadron :: View topic - Steam hacked and threatend.
  34. Steam hacked? - Half-Life Fallout Forums
  35. Talk:Steam (content delivery) - Wikipedia, the free encyclopedia
  36. [I AM] Clan :: View topic - If you bought STEAM games online...look at this.
  37. steam rumors
  38. PAL Gaming Network :: View topic - Steam Hacked
  39. Mamma Jamma's Community Forum :: View topic - Valve Hack Claim
  40. Valve hacked? - Page 2 - GamerNode Message Boards
  41. FPSBANANA > Forum > STEAM - Valve Steam > General > The Truth about the Steam Hacking.
  42. Valve Hacked. Your Info may be at risk. - Neowin Forums
  43. Power-Shock Multi-Gamer :: News
  44. Steam Hacked
  45. Valve has been hacked ? - Page 2 - nV News Forums
  46. Internode Games Network :: View topic - Steam Hacked - Cafes At Risk, User Credit Cards Next?
  47. Mischmasch 2 « Jan Schejbal
  48. Uh-oh - Steam 'hacked' - The Guild
  49. STEAM in pericolo!!! - Forum di TGM Online
  50. Valve: Steam wurde doch nicht gehackt?! | Aktuellste Neuigkeiten aus der Spielebranche @ DemoNews.de
  51. STEAM has been HACKED! Customers Credit Cards have been EXPOSED! - Page 3 - 3D Realms Forums
  52. MekTek.net Forums
  53. CS.RIN.RU - Steam Underground Forum :: View topic - CafeSteam Hacked
  54. counter-strike.de
  55. Hinnavaatluse Foorumid :: vaata teemat - Counter-Strike: Source
  56. Valve's Steam service hacked - The Ban List
  57. Was Valve/Steam Hacked?
  58. Opnieuw inbraak bij Valve - Frontpage Algemeen - GoT - Powered by React
  59. 5punk.co.uk :: View topic - Valve's Steam service hacked, credit card information obtai
  60. DEAR WANDY / Steam Hacked
  61. [O.P.B.P.] Forum :: View topic - Steam gehackt, Kreditkartendaten geklaut?
  62. Rsnl.eu :: Onderwerp bekijken - Steam hacked!
  63. saarnoops.de - Home of saarNoops - sN Forums-viewtopic-Valves Steampowered-Server angeblich gehackt
  64. HLP | News | Valve-Seiten gehackt: Steam nicht betroffen
  65. Was Anyone Aware Steam Was Hacked Yesterday? - General Discussion Forums
  66. VALVE BEING HELD FOR RANSOM!! - Page 2 - eSport Forums
  67. Gaming.dk | Forum
  68. Dummies got Rifles
  69. Aggirato il sistema di sicurezza di Steam - Hardware Upgrade - Il sito italiano sulla tecnologia - www.hwupgrade.it
  70. rage - bhop - razor Long Jump Tutorial - News
  71. Valve Hacked - Noob Refuge - Counter-Strike: Source Community
  72. SuDDeN :: View topic - Valve Hacked - Credit Card Numbers Gathered
  73. |SFH| Sent From Hell :: Clan Forums: Dont know if youve heard
  74. Techzine - Nieuws: Steam gecrackt, cracker eist losgeld - ICT Nieuws / Community site
  75. Halflife[2].nu v4 | NYHETER | Valve hackat, kontoinfo lckt*
  76. TweakGuides.com
  77. Test Server Central: Forums / General - Game Related / *Valve Hacked(Again)*
  78. =SiK= :: View topic - HUGE NEWS
  79. MaddoxX Released Information On Valve Being Hacked (All Customer's CCs Got Stolen) - Page 2 - X-Devs
  80. Myspace.com
  81. DigitalZone - A Counter-Strike Community
  82. If you've used a Credit Card on STEAM... (VALVe got hacked again)
  83. eGame - Community Clan of Makersfield - News
  84. Elite Jerks We Are All Jerks Deal With It Forums-viewtopic-Valve got hacked and CC#s got released.
  85. Loa-gaminG | Clanpage :: News
  86. The OldBoys Clan
  87. =Dynamite-Clan=
  88. Elite Jerks We Are All Jerks Deal With It
  89. PAL Gaming Network :: View topic - Steam Hacked
  90. Call of Duty | News: Gerchtekche Call of Duty 4, Steam-Erpressung... | GameCaptain.de
  91. Valve hacked .. again - Page 2 - Guru3D.com Forums
  92. Valve Hacked: Cafe Credit Cards Compromised by Video Games
  93. Steam HACKED. - MMORPG Development Forums - RaGEZONE
  94. » Blog Archive » Valve Hacked: Cafe Credit Cards Compromised - http://games.napsurf.com
  95. Half-Life 2: Spiele-Vertriebssystem ist angeblich gehackt worden
  96. Willkommen beim Tactical Assault Team | Multigaming since 2004 :: News
  97. ́́ steam... Part8 ́́
  98. TWHL: Half-Life WorldCraft / Hammer Mapping Tutorials and Resources
  99. Steam Not Hacked - NZFortress - New Zealand's Team Fortress Community
  100. TM-FORUM :: View topic - TMU will be sold on the Steam Platform!!!
  101. ~.Lost Soldiers Berlin.~ - Valve: Gehackt? Screens sind da!
  102. ReD-FoX4u.eu | We W!ll R0cK YoU | #ReD-FoX4u | r0ckZ*cz | sTyLz*cz :: News
  103. bit-tech.net | Steam not hacked, third party Cyber Cafe server compromised
  104. Hateworx.org | Games, Konsolen,Hightech,etc. | Steam Datenbank gehackt?
  105. Valve hacked again? Thread - Mod DB
  106. Spiele-Vertriebssystem Steam offenbar gehackt - PC-Spiele / Konsolen - Movie2Digital - Technik Forum (powered by GNC)
  107. Steam Hacked
  108. GameBanana: The Truth about the Steam Hacking. (Forums > Steam > Other/Misc > The Truth about the Steam Hacking.)