Forbes: It was bound to happen sooner or later. Valve’s online gaming distribution website Steam has removed what appears to be the very first game from user libraries. Many games have been removed from the Steam store, but have remained in user libraries. Individuals have had games removed for various reasons as well, but this appears to be the first game, in its entirety, removed from every user library.
Valve gave a user Clair Obscur: Expedition 33 for free as compensation for the long wait during their Steam Deck repair.
I had a similar experience when I initially pre-ordered my Deck. There was an issue during shipping and they offered me a customer service perk for the hassle and let me pick any game on Steam. It was super nice of them. I got a copy of Rime.
A LinkedIn post from Underdark AI made the discovery, stating that datasets are being sold for over $5,000 on a known black market forum.
No personal details, mostly account names, no passwords. Likely would need other account leaks to hope that someone reuses a password with a similar account name on another already leaked service. While a lot of users, the data is useless. Kind of notably by the $5k request for the data.
Plus, if you have 2FA enabled, then you were at zero risk anyway, from what I've read, Steam isn't even recommending password changes as it's apparently unnecessary.
@Christopher
Where are you getting that from?
The linked article above says, "The seller claims this is a “fresh” leak and says it includes usernames, passwords, two-factor SMS logs, message contents, metadata, delivery status, and other sensitive details." Which sure sounds like they might have a lot of other information. If this leak is legitimate I better stop hearing people falsely say PSN is the worst secured digital storefront (even though that hasn't been true for a very long time with far larger data breaches since 2011 all over the world including the Equifax breach which was several times larger).
@FinalFantasyFanatic
That seems true only if you use Steam Guard. If you opted for T2A via SMS the article suggests it's time to make the switch to Steam Guard and of course change your password.
From the credit URL: https://x.com/MellowOnline1...
The article doesn't do a good job of going into the updated detail, they just mention part of it.
Just because the seller claims something, doesn't make it true. If it truly contained that data, it would be worth way more than just $5k. SMS systems don't rely on getting passwords for accounts they're sending an SMS to, just the username, phone number, and timestamp info.
Update:
"Valve has now confirmed that “this was NOT a breach of Steam systems” and users do not need to change their passwords as a result. However, it continues to recommend that you set up the Steam Mobile authenticator for extra security."
https://store.steampowered....
The government needs a taskforce with serious fundung that can opporate across borders to go after cyber criminals.
It is getting out of hand and it is the regular citizens of the world that suffer the consequences of these hacks and breaches.
My fear is that if left unchecked, state sponsored hackers from corrupt or governents under sections may use this as a method of raising revenue at the expense of everyone else.
Not in this administration. If anything hes been dissolving existing task forces meant to protect consumers.
Why? They’d just use the funding to funnel hundred of millions of dollars into fake NGOs that then funnel it into democrat pockets while doing zero cyber criminal defence work.
Then if anybody tried to defund them it’d be a whole thing with the mainstream media claiming that there will be endless cyber attacks. NGOs would then fund protest groups to attack anybody that supports defunding the government’s cyber attack defence branch and then it would turn out it was also being used to stabilize or destabilize governments in other countries and overthrow elections to benefit America. Which is fine until they start using it on us again.
Let’s just not. Private companies who know what they’re doing (Valve) can deal with it
RIP USAID. God bless
It's not a may use this not we know state sponsored attacks do this already.
It's a global problem you couldn't have one government playing world police it would require joint collaboration with foreign governments and the problem is many laws have not kept pace with advancement of technology.
even then it's hard to say with certainty if an attack was a state sponsored attacks or a cybercriminal group operating outside of governments
remember when certain groups were saying PC gamers don’t want other subscriptions because it was not safe and steam was the spot lol.
@badz149
@pwnmaster3000
Have you guys actually read what was «leaked»? It was SMS messages from 3rd party provider (not from Steam itself) with one-time 2FA codes (that are active for 15 minutes). No Steam account details, access to an account or any of that jazz.
Let me quote official Steam response:
«The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.»
Source: https://store.steampowered....
The only bad thing about this is the phone numbers. But while that sucks, attacker doesn't know which Steam account this phone number belongs to. IMO, the only thing people should be rioting about is how unprotected the SMS are and the 3rd party service that was used by Steam. I'm all for punishing people who screwed up and/or lacked the security. But this is not it.
Why riot? They have nothing of value, can't even steal an account with the details they have, they would have to attempt a brute force attack, you can already do that with a Steam user's account name (or any account on any site) if you really wanted to spend the time and processing power to do it.
The Creature Collector Fest event has come to steam until May 19. Here are some epic discounted games to scratch the critter gathering itch.
"But due to always-online DRM, even the single-player portion of the game requires the servers to be up and running."
The benefits of always-online DRM.
Every game on any platform has drm of some sort, unless it's from gog.com. Online only console games become useless at some point as well. What's really funny is how people think having a disc with a picture on it is somehow more ownership, download the game and store it anywhere and you have the same ownership...
One simple layer of DRM such as Steam is not a big deal. It is not online only DRM and it has its benefits which dont need to be stated. Having multiple layers of DRM is problematic. Having Steam + Uplay, securerom, GFWL etc is just punishing people who have activated keys with Steam. I am glad to see gfwl being patched out. I bought a couple games and when I found out it used it I skipped playing them. Only one I can remember wanting to deal with it for was the Arkham series but even that has been patched out which is great.
Online only DRM needs to be phased out.
Part of the blame lies in Steam. Steam can choose what it publishes in their library, and it should NOT allow always online single player games in its library. It can opt to not generate revenue from such games, and the publishers can choose to not use Steam. A wise publisher would opt to use Steam. If the publishers are any smart, they should let Steam handle their DRM for them, which I find fair.
The only time they need extra DRM layers is when they SELL a physical copy to you, but they want you to play through Steam without the dics. Then they need to make a coaster out of that disc, as it could potentially be used to install on several different accounts and computers, which is not feasible. But all these can be done transparently to user, using Steam's infrastructure.