


Screenshots posted by MaddoxX reveal the extent of the breach
Cafe owners are in trouble, and users who made online purchases may be next

Valve's STEAM content distribution system has been the target of no small share of bad press since it was created, with complaints ranging from apathetic customer service to the inability to play legitimately purchased games online. Some users have had their accounts locked, deleted, or hijacked - but a hacker known only as "MaddoxX" has just opened a rather sizeable can of worms.

According to a posting made on an anti-STEAM website, MaddoxX has bypassed Valve's security system and accessed a significant chunk of data, including:
  • Screenshots of internal Valve web pages
  • A portion of Valve's Cafe directory
  • Error logs
  • Credit card information of customers
  • Financial information on Valve

While only the Cafe owners appear to be in immediate danger, MaddoxX claims to "have shell access everywhere," and has posted a list of login details for accounts on the Valve servers. In addition, MaddoxX also reveals that private certificates for "People with a little bit of (sic) experience ... create their own 'fake' but working cafe / certificate."

It's not currently known how far-reaching the credit card breach is, but STEAM users who have purchased products online for electronic delivery would do well to keep an eye on their credit card statements for the next while, especially if MaddoxX makes good on a promise to release a "spreadsheet."

STEAM cafe owners worldwide are more than a little upset with the information already leaked. MaddoxX has posted emails received from cafe owners and operators:

"Believe me, nobody wants to 'stick it to Valve' more than those currently in the cafe program. We're rubbing pennies together trying to make it from month to month, while Valve is making millions off of us ... All I ask is that you make some effort to edit cafe numerical details from any future release."

"Please don't release the CC information, for the sake of the centers who are less informed."

MaddoxX does make one thing quite clear in his electronic manifesto:

"If you want me to remove these files you can e-mail me at (address removed) and I prefer you come with something good unless you want me to expose ALL of the customers their information."

It seems that Valve is being held for ransom. If this is true, Valve may be in trouble, as California Senate Bill 1386 requires that credit card holders be informed of any breach of their information, and MaddoxX already knows exactly how much money they have available.

Update 04/19/2007: Doug Lombardi, director of marketing at Valve, contacted DailyTech with the following statement:

"There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com."


Comments

What's so special...
By Runiteshark on 4/19/2007 12:24:35 AM , Rating: 1
Duh, all he did was use a remote include 0day, then upload a crappy shell. He isn't even using c99 (because r57 is backdoored anyway). Plus you guys seem pretty clueless, with that shell you can access pretty much anything with read access, and with a bit of work, root the box.

Plus, the server is Windows 2003, so it's not like it's hard to root (oh wow Windows, how secure). Pretty sure they had all their SQL information lying about and was fairly easy to view all their DBs. I wouldn't be surprised if he made a SQL dump for himself either.

But to be honest, Good. Screw steam, if they run crap like that they deserve it. I can't even understand how fairly large net companies like that can run so insecurely. Not even using hardened php. Now, since it's a Windows box, it's sure to get backdoored, and he can attack the rest of their network (if he has any idea) and start hitting the really sensitive data. And finally what the hell was Valve thinking putting financial information on the same box that does their web hosting? And why isn't their web hosting free/openbsd w/ hardened php & latest apache? No matter, the 0day they got owned by will hit a few other sites too.

The guy who did it does have balls though. He better have used a nice vpn or good box to stunnel from. I wonder how he intends to collect the cash.




RE: What's so special...
By Runiteshark on 4/19/2007 12:34:48 AM , Rating: 2
ALSO it should be no problem for them to find where his shells are, if they were using Linux. All they would have to do is grep or sed for some of the source in that shell, and delete them.

So that guy is an idiot for pasting what shell he is using. (How hard is it to search for "r57 shell 1.31"?)
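
The sweep described in the comment above, written out as an added example (not part of the original thread, and not anyone's actual tooling). It goes a little beyond the comment: it checks every file regardless of extension and records a SHA-256 hash instead of deleting, so the evidence is preserved. It assumes POSIX find/grep and GNU sha256sum; the second signature and the sample files are constructed.

```shell
#!/bin/sh
# Added example: sweep a web root for files carrying a known web shell banner.
# Assumes POSIX find/grep and GNU coreutils sha256sum.

# One fixed string per line, matched case-insensitively.
# Line 1 is the string quoted in the comment above; line 2 is a constructed
# placeholder showing where further banners from your own incident data go.
SIGNATURES='r57 shell 1.31
constructed-placeholder-banner 0.0'

# scan_webroot DIR
# Prints "sha256<TAB>path" for every regular file under DIR that contains a
# signature. Every file is checked, not only *.php: uploaded shells are often
# parked under image or double extensions. Nothing is deleted, so the hash and
# the file itself stay available as evidence.
scan_webroot() {
  find "$1" -type f -exec grep -liF -e "$SIGNATURES" {} + 2>/dev/null |
  while IFS= read -r file; do
    sum=$(sha256sum < "$file" | cut -d' ' -f1)
    printf '%s\t%s\n' "$sum" "$file"
  done
}

# make_sample_tree DIR: constructed test data (harmless text, not a real shell).
make_sample_tree() {
  mkdir -p "$1/uploads dir" "$1/app"
  printf '<?php /* R57 Shell 1.31 */ ?>\n' > "$1/uploads dir/avatar.jpg"
  printf '<?php echo "hello"; ?>\n'        > "$1/app/index.php"
  printf 'GET /index.php 200\n'            > "$1/app/access.log"
}

# Demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_sample_tree "$tmp"
  scan_webroot "$tmp"
  rm -rf "$tmp"
fi
```

A fixed-string match only finds copies whose banner was left intact, so a clean result is not proof that no shell is present.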


RE: What's so special...
By James Holden on 4/19/2007 1:28:36 PM , Rating: 2
quote:
So that guy is an idiot for pasting what shell he is using. (How hard is it to search for "r57 shell 1.31"?)

I think the damage is already done.


RE: What's so special...
By dare2savefreedom on 4/19/07, Rating: -1