Report: Steam Forums Down, Possibly Hacked

November 7, 2011 -

The Steam forums are offline, with a message to visitors declaring that they are undergoing maintenance, but some users are telling Eurogamer that the forums may have suffered a security breach. Currently the forums are displaying the following message:

"The Steam Forums are temporarily offline for maintenance," a message on Steampowered reads. "Your patience is appreciated."

Eurogamer received an email from one Steam user who said a group changed the text on the forum and spammed some users' email addresses. The group is reportedly from FknOwned.com, a website that offers video game hacks, porn, etc. The group managed to deface the forums and some users reported receiving emails from Steampowered.com with the following message:

"Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit [removed domain] It's safe, secure and undetected."

"Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think."

"Thanks again, the fkn0wned team."

No one has claimed that user data has been compromised or that any Steam accounts have been breached. Valve has not publicly commented on this story.

Source: Eurogamer

Posted in

Comments

Re: Report: Steam Forums Down, Possibly Hacked

Thankfully the Steam forums use the vBulletin forum software which encrypts account passwords (using md5 with salt) in the database (I know since I've set up vBulletin forums before). This makes it absolutely impossible to decrypt them back into plain text again (the wonders of trap-door cryptography).

 

The hackers could on the hand change people's forum (not Steam) passwords if they broke into the Admin Panel but that wouldn't accomplish anything useful. The worst it seems they've done is collected a huge list of user e-mails to spam and that's about it. Hopefully Valve can just roll back to the latest backup and things will work once again. I guess it depends on how the intruders broke in (phished an admin, found an exploit, etc) which determines how long it will take to prevent future incidents.

 
Forgot your password?
Username :
Password :

Poll

Should 'Hatred' have been removed from Steam Greenlight?:

Shout box

You're not permitted to post shouts.
Papa MidnightI kind of liked the movement to have Terry Crews play him instead, but this will do.12/22/2014 - 3:40pm
MaskedPixelantehttp://marvel.com/news/tv/23866/mike_colter_to_star_as_luke_cage_in_marvels_aka_jessica_jones#ixzz3MeuUl63P Mike Colter is Luke Cage.12/22/2014 - 3:23pm
IanCBecause that isn't Max Payne 3. It might have the name, but it isn't an entry in the series.12/22/2014 - 12:48pm
IanCOh theres a Max Payne 3? A proper one, or are we referring to that abomination that Rockstar crapped out a few years ago12/22/2014 - 12:48pm
IanCUpgraded PS3 hard drive to 500gb. Restored 53GB back up. Done the maths, have somehow used up 106GB already?12/22/2014 - 12:44pm
Papa Midnighthttp://arstechnica.com/gaming/2014/12/drm-glitch-leaves-new-max-payne-3-buyers-temporarily-in-the-lurch/12/22/2014 - 11:55am
MaskedPixelantehttp://www.kanzenshuu.com/2014/12/22/j-stars-victory-vs-ps3-ps4-vita-international-plus-version/ J-Stars is coming to North America.12/22/2014 - 9:36am
Matthew Wilsonhttp://www.businessinsider.com/xbox-one-virtual-reality-headset-will-compete-with-oculus-rift-2014-12 can a xbo even handle doing vr?12/21/2014 - 10:48pm
PHX Corp@Adam802 We'll break out the popcorn in June12/19/2014 - 9:23pm
ZippyDSMleeMaskedPixelante: I'm itching to start it too but I will wait till the patch goes live. >>12/19/2014 - 7:52pm
Adam802Leland Yee and Jackson get trial date: http://sfbay.ca/2014/12/18/leland-yee-keith-jackson-get-trial-date/12/19/2014 - 5:24pm
MaskedPixelanteNevermind. Turns out when they said "the patch is now live", they meant "it's still in beta".12/19/2014 - 5:07pm
MaskedPixelanteSo I bought Dark Souls PC, and it's forcing me to log into GFWL. Did I miss something?12/19/2014 - 5:00pm
Matthew Wilsonhttp://arstechnica.com/tech-policy/2014/12/republicans-may-have-plan-to-save-internet-providers-from-utility-rules/ this is intreasting. congress may put net nutrality in to law to avoid title 2 classification12/19/2014 - 2:45pm
Matthew Wilsonhttp://www.polygon.com/2014/12/19/7421953/bullshit-cards-against-humanity-donated-250k-sunlight-foundation I have to admit I like the choice o organization. congrats to CAH.12/19/2014 - 1:51pm
E. Zachary KnightIf you are downloading a copy in order to bypass the DRM, then you are legally in the wrong. Ethically, if you bought the game, it doesn't matter where you download it in the future.12/19/2014 - 12:06pm
InfophileEZK: Certainly better that way, though not foolproof. Makes me think though: does it count as piracy if you download a game you already paid for, just not from the place you paid for it at? Ethically, I'd say no, but legally, probably yes.12/19/2014 - 11:20am
ZippyDSMleeAnd I still spent 200$ in the last month on steam/GOG stuff sales get me nearly every time ><12/19/2014 - 10:55am
ZippyDSMleeMaskedPixelante:And this is why I'm a one legged bandit.12/19/2014 - 10:51am
ZippyDSMleeE. Zachary Knight: I buy what I can as long as I can get cracks for it...then again it I could have gotton Lords of the Fallen for 30 with DLC I would have ><12/19/2014 - 10:50am
 

Be Heard - Contact Your Politician