backtop


Print 82 comment(s) - last by SquidianLoveGo.. on May 3 at 10:00 PM



Screenshots posted by MaddoxX reveal the extent of the breach
Cafe owners are in trouble, and users who made online purchases may be next

Valve's STEAM content distribution system has been the target of no small share of bad press since it was created, with complaints ranging from apathetic customer service to the inability to play legitimately purchased games online. Some users have had their accounts locked, deleted, or hijacked - but a hacker known only as "MaddoxX" has just opened a rather sizeable can of worms.

According to a posting made on an anti-STEAM website, MaddoxX has bypassed Valve's security system and accessed a significant chunk of data, including:
  • Screenshots of internal Valve web pages
  • A portion of Valve's Cafe directory
  • Error logs
  • Credit card information of customers
  • Financial information on Valve
While only the Cafe owners appear to be in immediate danger, MaddoxX claims to "have shell access everywhere," and has posted a list of login details for accounts on the Valve servers.  In addition, Maddox also reveals that private certificates for "People with a little bit of (sic) experience ... create their own 'fake' but working cafe / certificate."

It's not currently known how far-reaching the credit card breach is, but STEAM users who have purchased products online for electronic delivery would do well to keep an eye on their credit card statements for the next while, especially if MaddoxX makes good on a promise to release a "spreadsheet."

STEAM cafe owners worldwide are more than a little upset with the information already leaked. MaddoxX has posted emails received from cafe owners and operators:
Believe me, nobody wants to 'stick it to Valve' more than those currently in the cafe program. We're rubbing pennies together trying to make it from month to month, while Valve is making millions off of us ... All I ask is that you make some effort to edit cafe numerical details from any future release.

Please don't release the CC information, for the sake of the centers who are less informed.
MaddoxX does make one thing quite clear in his electronic manifesto:
If you want me to remove these files you can e-mail me at (address removed) and I prefer you come with something good unless you want me to expose ALL of the customers their information.
It seems that Valve is being held for ransom. If this is true, Valve may be in trouble, as California Senate Bill 1386 requires that credit card holders be informed of any breach of their information, and MaddoxX already knows exactly how much money they have available.

Update 04/19/2007: Doug Lombardi, director of marketing at Valve, contacted DailyTech with the following statement:
There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Sounds familiar
By 05SilverGT on 4/19/2007 5:15:45 PM , Rating: 2
I seem to remember Valve getting hacked during the making of HL2. Then they pushed the release date back because of the breach. When in reality the game wasn’t anywhere close to being done. Can this same thing be happening again to allow for more time on Episode 2? Something along the lines of we have to redo Steam now so we’ll let you know “when it’s done”. I mean serious what's the odds of it happening to Valve twice....




RE: Sounds familiar
By idconstruct on 4/19/2007 7:06:35 PM , Rating: 2
No... look at the site... the hacker is identified in this case and is actually showing off what he did. Besides, he didn't say anything about ruining source code. Although i doubt he would do that, i looked at the site and it looks like they're more interested in leaking code than destroying it.


"Vista runs on Atom ... It's just no one uses it". -- Intel CEO Paul Otellini











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki