Announcement

Collapse
No announcement yet.

Steam forum 3.8.7 got hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Steam forum 3.8.7 got hacked

    http://i.imgur.com/VFMpj.jpg

    i think its a good warning to all webmasters running 3.8.7 to be wary of this issue

  • #2
    Yeah, the steam forums are still down.

    Steam Forums

    Comment


    • #3
      We really have no clue what steam is running, or how the forum was comprimised, we don't even know if it was a direct attack on vBulletin (or one of their modifications if they run any).

      Comment


      • #4
        That does not look like a "hack" - rather that someone got the admins password and created a notice. I've not seen a hack like this - usually when hacked, the site is redirected or fully taken down, not a notice cleanly created. But, this is just speculation. If valve reaches out we'll be standing by to help in any way.
        anders | vbulletin team | check out the new vbulletin facebook app
        Proudly vBulletin'ing since 2001
        Please be my friend!
        http://www.twitter.com/inetskunkworks
        vBulletin Performance Articles:
        Click here to read

        Comment


        • #5
          Here is another picture of what the people did to their forums:

          http://img560.imageshack.us/img560/2...byvbulleti.png

          They made a forum linked back to their site and announcement. However, I think Anders got it right by someone stealing an admin password and doing this.

          Comment


          • #6
            All very mild... No pron, no dancing babies... Someone simply wanted to make a point.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API - Full / Mobile
            Vote for your favorite feature requests and the bugs you want to see fixed.

            Comment


            • #7
              Originally posted by Wayne Luke View Post
              All very mild... No pron, no dancing babies... Someone simply wanted to make a point.
              Nothing mild if at the same time members receive spam sent to their registered e-mail addresses.

              From Techspot:

              At this point it’s unclear whether any private data like passwords or billing information has been compromised. ... If we had to take a guess, we’d point the blame at Valve’s use of forum software vBulletin which has seen its share of security breaches in the past.

              Comment


              • #8
                We don't know what the issue was. They haven't contacted us about it. They haven't opened a ticket with us in almost 5 years now.
                Translations provided by Google.

                Wayne Luke
                The Rabid Badger - a vBulletin Cloud demonstration site.
                vBulletin 5 API - Full / Mobile
                Vote for your favorite feature requests and the bugs you want to see fixed.

                Comment


                • #9
                  Maybe they installed a product (or made one) without enough security...

                  vBulletin QA - vBulletin Support French - Lead Project Tools developer

                  Next release? Soon(tm)

                  Comment


                  • #10
                    Originally posted by PitchouneN64ngc View Post
                    Maybe they installed a product (or made one) without enough security...
                    They have custom code to tie the forums into their Steam account system as far as I am aware. We'll never know for sure though unless they contact us directly or post an announcement.
                    Translations provided by Google.

                    Wayne Luke
                    The Rabid Badger - a vBulletin Cloud demonstration site.
                    vBulletin 5 API - Full / Mobile
                    Vote for your favorite feature requests and the bugs you want to see fixed.

                    Comment


                    • #11
                      it'll be the steam connect api not vb

                      Comment


                      • #12
                        Steam forum 3.8.7 got hacked

                        Wow! How scary! Here's hoping that the hacker gets caught and you get your forum back.
                        Aussiefootyforums

                        New Site New forum
                        Come and talk sports all day long


                        Comment


                        • #13
                          nice man
                          msn - domuz gribi - msn nickleri - msn adresleri

                          Comment


                          • #14
                            It seems Valve is sending an email to their users about this issue:

                            Dear Steam Users and Steam Forum Users,

                            Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

                            We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

                            We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

                            While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

                            We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

                            We will reopen the forums as soon as we can.

                            I am truly sorry this happened, and I apologize for the inconvenience.

                            Gabe.

                            vBulletin QA - vBulletin Support French - Lead Project Tools developer

                            Next release? Soon(tm)

                            Comment


                            • #15
                              Wonderful.

                              Funny part is, if it weren't for having the free Portal giveaway a few weeks ago, I wouldn't even have a Steam account.

                              Oh well. At least I wasn't a forum member..
                              - Maurice Workin' in the Jira mine, goin' down, down, down

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X