Print 82 comment(s) - last by SquidianLoveGo.. on May 3 at 10:00 PM

Screenshots posted by MaddoxX reveal the extent of the breach
Cafe owners are in trouble, and users who made online purchases may be next

Valve's STEAM content distribution system has been the target of no small share of bad press since it was created, with complaints ranging from apathetic customer service to the inability to play legitimately purchased games online. Some users have had their accounts locked, deleted, or hijacked - but a hacker known only as "MaddoxX" has just opened a rather sizeable can of worms.

According to a posting made on an anti-STEAM website, MaddoxX has bypassed Valve's security system and accessed a significant chunk of data, including:
  • Screenshots of internal Valve web pages
  • A portion of Valve's Cafe directory
  • Error logs
  • Credit card information of customers
  • Financial information on Valve
While only the Cafe owners appear to be in immediate danger, MaddoxX claims to "have shell access everywhere," and has posted a list of login details for accounts on the Valve servers.  In addition, Maddox also reveals that private certificates for "People with a little bit of (sic) experience ... create their own 'fake' but working cafe / certificate."

It's not currently known how far-reaching the credit card breach is, but STEAM users who have purchased products online for electronic delivery would do well to keep an eye on their credit card statements for the next while, especially if MaddoxX makes good on a promise to release a "spreadsheet."

STEAM cafe owners worldwide are more than a little upset with the information already leaked. MaddoxX has posted emails received from cafe owners and operators:
Believe me, nobody wants to 'stick it to Valve' more than those currently in the cafe program. We're rubbing pennies together trying to make it from month to month, while Valve is making millions off of us ... All I ask is that you make some effort to edit cafe numerical details from any future release.

Please don't release the CC information, for the sake of the centers who are less informed.
MaddoxX does make one thing quite clear in his electronic manifesto:
If you want me to remove these files you can e-mail me at (address removed) and I prefer you come with something good unless you want me to expose ALL of the customers their information.
It seems that Valve is being held for ransom. If this is true, Valve may be in trouble, as California Senate Bill 1386 requires that credit card holders be informed of any breach of their information, and MaddoxX already knows exactly how much money they have available.

Update 04/19/2007: Doug Lombardi, director of marketing at Valve, contacted DailyTech with the following statement:
There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Not good...
By AntiV6 on 4/18/2007 10:41:39 PM , Rating: 2
I hope Maddox is bluffing, I have 3 accounts with 3 Debit/credit cards, and I don't feel like dealing with I.D. theft!

But dang, I didn't know Valve had that much cash!

RE: Not good...
By KaiserCSS on 4/18/2007 11:08:53 PM , Rating: 2
Well of course they have a lot of cash. It's Valve we're talking about here. Half-Life, Counter Strike, etc... very large properties which have made very large profits. Add to it the Steam service, and we've got major bucks coming down the pipeline.

RE: Not good...
By idconstruct on 4/20/2007 5:08:50 PM , Rating: 2
after the forum was 'temporarily disabled' ... maddoxx's server seems to have been completely taken down... It's not responding to pings either...

RE: Not good...
By MrBungle123 on 4/19/2007 12:01:18 PM , Rating: 2
I've never bought anything off of steam but I feel sorry for those that could have their personal / bank information compromised by this jack-ass.

What this guy does with the credit card information (assuming he does actually have it) could screw over a lot of people. It takes years and often tens of thousands of dollars to repair a credit history after your identity has been stolen, i don't really see how his personal vendetta against VALVE is worth what it could cost VALVE's customers.

RE: Not good...
By Donkeyshins on 4/19/2007 2:48:08 PM , Rating: 2
All I can say is that I'm glad the credit card I used to purchase Steam games is cancelled (was stolen earlier in the year when someone was raiding mailboxes).

It makes me think twice about buying HL2-Ep2 later in the year.

RE: Not good...
By Googer on 4/25/2007 2:37:23 AM , Rating: 2
This is the sole reason why I refuse to pay for any downloaded software (from EA, Valve, Microsoft, etc) and I always look for some kind of physical media (i.e. CD, DVD, Blu-Ray, etc) that can be purchased at your local brick and mortar store. If I cannot get it in a physical form, then I refuse to buy it.

Another benefit is you always have a tangible backup that is not prone to getting lost or damaged on your hard drive.

"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki