Steam forums shut down due to security breach?

[Shawn Knight]

Steam’s official forums are currently offline for what is being called a maintenance issue, although there’s reason to believe that the site’s vBulletin forum software may have been hacked. Valve hasn’t commented on the issue yet but some gamers noticed a suspicious message on the forum last night that suggests a security breach.

Eurogamer was contacted by a Steam user who said a group known as fkn0wned changed the text on the forum and spammed some user’s email addresses. The text reads as follows.

Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit Fkn0wned.com. It’s safe, secure and undetected. Along with hacks, we’ve also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all of your needs in terms of resources so be sure to take a look and tell us what you think. Thanks again, the fkn0wned team.

At this point it’s unclear whether any private data like passwords or billing information has been compromised. The breach likely took place sometime last night and as of writing, the Steam’s forum is still “down for maintenance.”

If we had to take a guess, we’d point the blame at Valve’s use of forum software vBulletin which has seen its share of security breaches in the past. Just to be on the safe side, we would advise anyone reading this to change your Steam forum password and perhaps do the same at any other sites where you use the same login credentials.

Permalink to story.

https://www.techspot.com/news/46158-steam-forums-shut-down-due-to-security-breach.html

 

[TomSEA]

LOL...well I'm glad to see that they offer pRon along with all their hacking tools.

 

[example1013]

I'm sure that site is totally legit and doesn't install any malware at all.

Also, Steam has forums?

 

[Guest]

Unfortunately you just advertised the naughty website.

 

[Leeky]

Are the Steam forum's user credentials and the login in credentials for the Steam client the same?

Or do you have to register for both separately?

 

[Guest]

You have to register for forum accounts separately from your steam account. Although, I'm sure most users use the same login info.

 

[herpaderp]

Leeky said:
Are the Steam forum's user credentials and the login in credentials for the Steam client the same?

Or do you have to register for both separately?

Separate. Of course, anyone fool enough to use the same for both is probably going to find out that was a bad decision...

 

[Leeky]

Separate. Of course, anyone fool enough to use the same for both is probably going to find out that was a bad decision...

Aye, but I wasn't sure if it was one global login that encompassed all Steam services or not, hence asking for confirmation. Thanks for letting me know.

 

[motrin]

HEY I WAS ON THEM FORUMS when this happened. took some screen shots w/ my phone

http://i17.photobucket.com/albums/b59/ptv_graphics/Mobile Uploads/2011-11-06_190841.jpg
and
http://i17.photobucket.com/albums/b59/ptv_graphics/Mobile Uploads/2011-11-06_190851.jpg

 

[Leeky]

Thanks for the share Motrin.

Looks pretty bloody clear they were hacked (assuming that is the Steam forum as I can't say I've ever seen it before) looking at those screengrabs!

 

[r8bwp]

yes thats the steam forum...... sticky is an admin

 

[motrin]

well they shut down the forums with in minutes after the post was up. looked like only the valve admin account was hacked but hey maybe more thats why they shut down everything

 

[Rasta211]

I hesitate to upgrade to the latest browser because of add-on incompatibility as well.

 

[Guest]

This is Anders from vBulletin. Just wanted to mention that we do not agree with this statement and feel it is unsupported. We take security reports very seriously and vBulletin software is very secure.

"If we had to take a guess, we’d point the blame at Valve’s use of forum software vBulletin which has seen its share of security breaches in the past."

 

[DeliciousPie]

Guest said:
Unfortunately you just advertised the naughty website.

Exactly what I was thinking :/

 

[Guest]

My account details and password were used to attempt a login with my Google account. The only thing that shared the same password, and had my email address on file. I forgot to change my steam password, and as such Google blocked access to my account until I managed to provide my security details.

The login details are as follows

Access Type [ ? ] Location (IP address) [ ? ] Date/Time
Unknown Ukraine (volia.com:77.122.54.68) Nov 8 (1 day ago)

 

[PinothyJ]

Guest said:
This is Anders from vBulletin. Just wanted to mention that we do not agree with this statement and feel it is unsupported. We take security reports very seriously and vBulletin software is very secure.

"If we had to take a guess, we’d point the blame at Valve’s use of forum software vBulletin which has seen its share of security breaches in the past."

Until you pull your finger out and stop being a "guest" all of your opinions are invalid…

 

[superty12]

It's a security breach. Steam just notifed me.

 

[motrin]

yea check out the forums. updated