The Brazilian Slaughter
Arcane
lI'm not worried, I'm such a poorfag they could't do anything with my stuff. Maybe send me "lol u gay" e-mails on Jew-Mail.
-
Welcome to rpgcodex.net, a site dedicated to discussing computer based role-playing games in a free and open fashion. We're less strict than other forums, but please refer to the rules.
"This message is awaiting moderator approval": All new users must pass through our moderation queue before they will be able to post normally. Until your account has "passed" your posts will only be visible to yourself (and moderators) until they are approved. Give us a week to get around to approving / deleting / ignoring your mundane opinion on crap before hassling us about it. Once you have passed the moderation period (think of it as a test), you will be able to post normally, just like all the other retards.
The Great Christmas 2015 Steam Security Breach
- Thread starter Turjan
- Start date
- Joined
- Nov 29, 2010
- Messages
- 18,727
Underrail my ass. You were playing Fallout 4. Just admit it, there's no shame in it.
Ok there's lots of shame in it but still admit it.
Turjan
Arcane
- Joined
- Mar 31, 2008
- Messages
- 5,047
Update on Christmas Issues
Steam Blog - Valve
8:01pm
We'd like to follow up with more information regarding Steam's troubled Christmas.
What happened
On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.
The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.
If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.
Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.
How it happened
Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. During the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale.
In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. The Steam Store remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.
We will continue to work with our web caching partner to identify affected users and to improve the process used to set caching rules going forward. We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.
Steam Blog - Valve
8:01pm
We'd like to follow up with more information regarding Steam's troubled Christmas.
What happened
On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.
The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.
If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.
Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.
How it happened
Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. During the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale.
In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. The Steam Store remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.
We will continue to work with our web caching partner to identify affected users and to improve the process used to set caching rules going forward. We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.
Last edited:
- Joined
- Jan 28, 2011
- Messages
- 97,504
That's better. I was beginning to think the bizarre apologism seen in this thread and elsewhere was going to win
- Joined
- Nov 29, 2010
- Messages
- 18,727
ITT: codex flexes its nonexistent infosec muscles.
jagged-jimmy
Prophet
Gambler
Augur
- Joined
- Apr 3, 2006
- Messages
- 767
By now everyone should be used to the idea that every large service you're using will eventually leak all the information you've entered there. I'm seriously tired of people who feign surprised indignation every time this happens.
The reality is that no matter how much lip service companies will pay to "security" this will keep happening. Even if those companies legitimately increase investment in their own security (which they should) this will keep happening, although slightly less often.
The right thing to do is to accept that hacks and screw-ups will happen and design systems accordingly. Minimize the amount of information collected and stored. Purge old data. Make it easy to be pseudonymous. Decentralize services.
I remember that for years Steam was demanding your physical address whenever you wanted to buy anything, even if it was via PayPal. That kind of stuff is what people should really be outraged about, but most of the time the reaction ranges from dumb indifference to idiotic fanboy apologism.
The reality is that no matter how much lip service companies will pay to "security" this will keep happening. Even if those companies legitimately increase investment in their own security (which they should) this will keep happening, although slightly less often.
The right thing to do is to accept that hacks and screw-ups will happen and design systems accordingly. Minimize the amount of information collected and stored. Purge old data. Make it easy to be pseudonymous. Decentralize services.
I remember that for years Steam was demanding your physical address whenever you wanted to buy anything, even if it was via PayPal. That kind of stuff is what people should really be outraged about, but most of the time the reaction ranges from dumb indifference to idiotic fanboy apologism.
Lyric Suite
Converting to Islam
- Joined
- Mar 23, 2006
- Messages
- 56,643
How do we know that's you?
sullynathan
Arcane
There's a reason why I have never bought a game on GOG or STEAM.
toro
Arcane
- Joined
- Apr 14, 2009
- Messages
- 14,106
Because you don't know how to login?
sullynathan
Arcane
Because of outbreaks like these
jagged-jimmy
Prophet
How do we know that's you?
- Joined
- Jan 28, 2011
- Messages
- 97,504
sullynathan
Arcane
I didn't buy them though
sullynathan
Arcane
Don't even use that site
Turjan
Arcane
- Joined
- Mar 31, 2008
- Messages
- 5,047
It can be annoying. Someone from the Ukraine just tried to steal my Humble Bundle account. Which is also weird, given that there's basically just some DRM-free games on there, so I'm not sure why anyone would even try.
- Joined
- May 13, 2009
- Messages
- 27,243
You're not using this one either, except for shitposting.
sullynathan
Arcane
I'm a contributing member
As an Amazon Associate, rpgcodex.net earns from qualifying purchases.