Video review of Stealth Bastard Deluxe. Stealth Bastard is a fun, gorgeous game with a catchy soundtrack to boot...
A LinkedIn post from Underdark AI made the discovery, stating that datasets are being sold for over $5,000 on a known black market forum.
No personal details, mostly account names, no passwords. Likely would need other account leaks to hope that someone reuses a password with a similar account name on another already leaked service. While a lot of users, the data is useless. Kind of notably by the $5k request for the data.
Plus, if you have 2FA enabled, then you were at zero risk anyway, from what I've read, Steam isn't even recommending password changes as it's apparently unnecessary.
@Christopher
Where are you getting that from?
The linked article above says, "The seller claims this is a “fresh” leak and says it includes usernames, passwords, two-factor SMS logs, message contents, metadata, delivery status, and other sensitive details." Which sure sounds like they might have a lot of other information. If this leak is legitimate I better stop hearing people falsely say PSN is the worst secured digital storefront (even though that hasn't been true for a very long time with far larger data breaches since 2011 all over the world including the Equifax breach which was several times larger).
@FinalFantasyFanatic
That seems true only if you use Steam Guard. If you opted for T2A via SMS the article suggests it's time to make the switch to Steam Guard and of course change your password.
From the credit URL: https://x.com/MellowOnline1...
The article doesn't do a good job of going into the updated detail, they just mention part of it.
Just because the seller claims something, doesn't make it true. If it truly contained that data, it would be worth way more than just $5k. SMS systems don't rely on getting passwords for accounts they're sending an SMS to, just the username, phone number, and timestamp info.
Update:
"Valve has now confirmed that “this was NOT a breach of Steam systems” and users do not need to change their passwords as a result. However, it continues to recommend that you set up the Steam Mobile authenticator for extra security."
https://store.steampowered....
The government needs a taskforce with serious fundung that can opporate across borders to go after cyber criminals.
It is getting out of hand and it is the regular citizens of the world that suffer the consequences of these hacks and breaches.
My fear is that if left unchecked, state sponsored hackers from corrupt or governents under sections may use this as a method of raising revenue at the expense of everyone else.
Not in this administration. If anything hes been dissolving existing task forces meant to protect consumers.
Why? They’d just use the funding to funnel hundred of millions of dollars into fake NGOs that then funnel it into democrat pockets while doing zero cyber criminal defence work.
Then if anybody tried to defund them it’d be a whole thing with the mainstream media claiming that there will be endless cyber attacks. NGOs would then fund protest groups to attack anybody that supports defunding the government’s cyber attack defence branch and then it would turn out it was also being used to stabilize or destabilize governments in other countries and overthrow elections to benefit America. Which is fine until they start using it on us again.
Let’s just not. Private companies who know what they’re doing (Valve) can deal with it
RIP USAID. God bless
It's not a may use this not we know state sponsored attacks do this already.
It's a global problem you couldn't have one government playing world police it would require joint collaboration with foreign governments and the problem is many laws have not kept pace with advancement of technology.
even then it's hard to say with certainty if an attack was a state sponsored attacks or a cybercriminal group operating outside of governments
remember when certain groups were saying PC gamers don’t want other subscriptions because it was not safe and steam was the spot lol.
@badz149
@pwnmaster3000
Have you guys actually read what was «leaked»? It was SMS messages from 3rd party provider (not from Steam itself) with one-time 2FA codes (that are active for 15 minutes). No Steam account details, access to an account or any of that jazz.
Let me quote official Steam response:
«The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.»
Source: https://store.steampowered....
The only bad thing about this is the phone numbers. But while that sucks, attacker doesn't know which Steam account this phone number belongs to. IMO, the only thing people should be rioting about is how unprotected the SMS are and the 3rd party service that was used by Steam. I'm all for punishing people who screwed up and/or lacked the security. But this is not it.
Why riot? They have nothing of value, can't even steal an account with the details they have, they would have to attempt a brute force attack, you can already do that with a Steam user's account name (or any account on any site) if you really wanted to spend the time and processing power to do it.
The Creature Collector Fest event has come to steam until May 19. Here are some epic discounted games to scratch the critter gathering itch.
Codebros Studio comes from Thessaloniki Greece and presents us with their new horror game Unmourned which you can check out now on Steam.
