Report: Steam Forums Down, Possibly Hacked

November 7, 2011

The Steam forums are offline, with a message to visitors declaring that they are undergoing maintenance, but some users are telling Eurogamer that the forums may have suffered a security breach. Currently the forums are displaying the following message:

"The Steam Forums are temporarily offline for maintenance," a message on Steampowered reads. "Your patience is appreciated."

Eurogamer received an email from one Steam user who said a group changed the text on the forum and spammed some users' email addresses. The group is reportedly from FknOwned.com, a website that offers video game hacks, porn, etc. The group managed to deface the forums and some users reported receiving emails from Steampowered.com with the following message:

"Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit [removed domain] It's safe, secure and undetected."

"Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think."

"Thanks again, the fkn0wned team."

No one has claimed that user data has been compromised or that any Steam accounts have been breached. Valve has not publicly commented on this story.

Source: Eurogamer


Comments

Re: Report: Steam Forums Down, Possibly Hacked

Thankfully the Steam forums use the vBulletin forum software which encrypts account passwords (using md5 with salt) in the database (I know since I've set up vBulletin forums before). This makes it absolutely impossible to decrypt them back into plain text again (the wonders of trap-door cryptography).

 

The hackers could, on the other hand, change people's forum (not Steam) passwords if they broke into the Admin Panel, but that wouldn't accomplish anything useful. The worst it seems they've done is collected a huge list of user e-mails to spam and that's about it. Hopefully Valve can just roll back to the latest backup and things will work once again. I guess it depends on how the intruders broke in (phished an admin, found an exploit, etc.) which determines how long it will take to prevent future incidents.
