Hacker holds Steam credit card data for ransom

A hacker claims to have broken into Valve’s Steam online content delivery service and appropriated customer credit card information. The hacker calls himself MaddoxX and has posted a thread on anti-Steam website no-steam.org with links to an archive containing screenshots of internal Valve web pages, a portion of Valve’s Cyber Cafe directory, error logs, credit card information for five Steam customers, and Valve’s own balance sheet (listing total funds of $9,186,722.35.)

MaddoxX claims that he has “shell [access] everywhere” and adds, “If you want me to remove these files you can e-mail me at [address removed] and I prefer you come with something good unless you want me to expose ALL of the customers [and] their information.” The screenshots and information certainly seem genuine, so Steam users would probably do well to keep an eye on their bank accounts in the near future. Valve has yet to issue a statement about the problem on its Steam website. However, the hacker quotes a purported statement from a Valve forum moderator that reads, “Valve are aware of the issue and are investigating.” Thanks to DailyTech for the tip.

Comments closed
    • krazyredboy
    • 13 years ago

    This is why I am glad I never purchase anything through STEAM. I am perfectly happy with waiting for the store bought versions to come down in price before I buy them.

    • herothezero
    • 13 years ago

    I fail to see the comparison between Steam and malware/spyware/bloatware. Online distribution is the future, as companies like Battlefront and Stardock have long since figured out; if you’re not well-heeled enough to get traditional means of publishing, it’s a great option.

    • droopy1592
    • 13 years ago

    Too bad my steam cc # was expired almost two years ago

    • Saeghwin
    • 13 years ago

    I’m trying to remember if Valve has my information stored or not (or rather, SHOULD they have it stored or not). I think I enter it separately whenever I make a purchase.

    Completely off-topic: Why do people always say “Valve are”? It really annoys me. Valve is a single corporation, an individual entity, not a plurality of people.

    I just realized I’m that stereotypical grammar guy.

      • wierdo
      • 13 years ago

      The british don’t treat corporations as individuals, so they use “are” to signify them being a collective of folks. This is why both are valid.

      Also an interesting reflection of cultures I might add.

        • Mac_Bug
        • 13 years ago

        No, it’s called bad grammar.

          • wierdo
          • 13 years ago

          No it’s called other English speaking countries 😛 Not only that, English surprisingly came from England, can you believe that? 😉

          Well… linguistically that’s not accurate either, but that gets off-topic.

        • Saeghwin
        • 13 years ago

        I’m pretty sure British companies act in the same way that US corporations do. That is, they are treated as separate from the members or owners that run them.

    • Snake
    • 13 years ago

    “y[

      • Krogoth
      • 13 years ago

      It is more like quoted for complete inaccuracy.

      More ignorant users that still fall to understand that they never own the software. Widespread physical media distribution for software will slowly, but surely become a thing of the past.

        • fyo
        • 13 years ago

        Sadly, most ignorant posters fail to understand that The Law and the crap software makers write in their EULAs seldom agree. Even worse, these ignorant posters fail to understand that The Law is right and the EULAs are, in fact, crap.

      • A_Pickle
      • 13 years ago

      It’s cool to hate Steam! Yeah!
      `

    • Code:[M]ayhem
    • 13 years ago

    Serves the idiots right for supporting such a vile piece of malware called Steam

      • CampinCarl
      • 13 years ago

      Erm…call me stupid, but, explain to me how Steam is malware?

        • odizzido
        • 13 years ago

        Because its a steaming pile of……

        Actually, steam belongs in the same category as quicktime and realplayer. Garbageware I think they call it.

          • SPOOFE
          • 13 years ago

          Reasserting a position =/= explaining it.

          • A_Pickle
          • 13 years ago

          Actually, with the exception of a few memory leaks (which I haven’t ever experienced again), Steam doesn’t begin to approach the stupidity of RealPlayer. Steam is a content distribution system, through which users can buy games, play them, and do so with their friends. It lets smaller game studios, with a good idea and programmers to make it a reality, bring their creation to light without having to part with their work by selling it to the likes of EA. Ever played “The Ship?” It’s a great indie game, sold on Steam.

          I contracted a few viruses the other day (on Windows Vista no less! It was totally my fault)… and decided to format after I had exhausted all known virus fighting techniques. I didn’t want to re-download all my Steam games, because they’re all rather large and… well… Keesler AFB has shitty internet for Airmen in Training. So I did a complete Steam backup on my external hard drive.

          I formatted, and using Steam’s restore feature, got all my games back to 100% ready. It didn’t save my saved games or HL2: Deathmatch maps. I then configured Steam to NOT run when Windows started, and I added a few of my friends to my Steam Friends list. I’ve played games with them online, through Steam friends.

          RealPlayer, on the other hand, absorbs all of your filetype associations, bogs down your computer with a poorly designed interface (a player that sizes itself so that it takes up YOUR ENTIRE SCREEN) and doesn’t offer any compelling features unless you’re interested in playing Real’s own piss poor filetype, which isn’t even used that often.

            • odizzido
            • 13 years ago

            and what happens if you dont have steam on your comp anymore?…can you play them?…what if one day valve dies off….all of a sudden you cant play anymore? If X-Com had relied on programs which relied on servers being up, I doubt I would be able to play it anymore.

            There are rather huge flaws with steam for me. I will admit it seems like on the program side, its gotten a lot better(I was one of those the beta’d on back what CS was worth playing)

            • indeego
            • 13 years ago

            The third or fourth time you install steam, and you have your games right there (or 10-20 minutes away from playing,) you begin to wonder how you did it before.

            I heart steam, even given some of the issues I’ve been having lately with HL2 ep1. Getting rid of the middleman is what technology is aboutg{<.<}g

            • DreadCthulhu
            • 13 years ago

            I doubt Valve would disappear suddenly; if at some future point they did go bankrupt I am pretty sure they would open source the connection stuff they use, and anyways the single player games would work in offline mode.

      • Krogoth
      • 13 years ago

      More baseless FUD.

      Steam is hardly malware or bloatware in any sense.

      I never had any problems with Steam, in fact I like how Value allows you to make physical back-ups of your gaming content for quicker recovery. You can login your account to any computer that has Steam installed.
      Steam will allow off-line gameplay and LAN parties, despite what FUDers claim.

        • Beomagi
        • 13 years ago

        That’s not the only good thing. My discs were bad, got scratched. It doesn’t matter, steam lets me download the game again without issue.
        #15 – Stupid yes, kid? Socially speaking 😉

      • ludi
      • 13 years ago

      Steam works fine for what it is: A content distribution system and piracy limiter.

      If you want to carp and moan at Valve, try something meaningful, like the facts that VAC is way behind the available cheats and Valve can’t seem to unbreak the Source Engine voice chat system’s multifarious bugs and h4x.

        • Bet
        • 13 years ago

        I’ll take Valve’s Steam over Sony’s SecuROM or Russia’s Starforce any day. The latest version of SecuROM (2007) is even telling me what drive to put my bloody disc in! And not the way I’d expect, it actually prefers residing in the DVD writer as opposed to the ROM drive.

        The biggest SecuROM issue by far is its refusing to load the games unless I reboot after loading Sysinternal’s Process Explorer, which is now an official Microsoft tool. Seems like Sony has declared war on both Microsoft and the man that they hired after he exposed their music rootkits thanks to shoddy DRM.

        Never thought I’d see the day I’d prefer Starforce over SecuROM. It was a growing giant while everyone was rabid about Starforce. Now we’re SCREWED.

    • Dude-X
    • 13 years ago

    I have bought stuff through Steam before. At first I was worried, then I realized I have closed my account for that credit card a long time ago, so I am safe.

    I am going to use a one time number next time though…

    • indeego
    • 13 years ago

    Valve needs to fix the last update to HL2 ep:1. It’s borkedg{<.<}g

    • herothezero
    • 13 years ago

    Feds?

    How about SOCOM? We should make these people a national security priority and have them taken out…quietly.

      • Beomagi
      • 13 years ago

      relax man – it’s just a stupid kid. Let darwinism happen in due time 😉

        • Vertigo
        • 13 years ago

        Are you joking? This kind of hacking hasn’t been done by “a stupid kid” since the late ’90s. Spot the Fed at Defcon isn’t nearly as fun as it used to be, since the FBI people are wearing badges and giving talks on credit card fraud. The world of organized crime has long since figured out that internet fraud, extortion, and spam are way safer and more profitable than tradition schemes.

        Do you think the billion spam mails a day are because of “a stupid kid”?

          • Krogoth
          • 13 years ago

          The sterotype of the hacker/cracker being some overweight, socially inept person who has way too much on their hands is far from the truth.

          A good number of hackers, crackers are software and IT security engineers. Black hats can be double-agents who will give inside information information and so forth to the highest bidder.

          The underground world of IT is pretty interesting. It has more of a foothold in eastern Asia and Europe, but there are agents here in the states.

          Rampant phishing, spamming and adware/spyware schemes are merely tips of the iceberg.

    • Shinare
    • 13 years ago

    This worries me as I have made purchases of games off of steam. 🙁

      • Peffse
      • 13 years ago

      I’m not sure, but I think this mostly involves people who have their credit card on file for monthly transactions… like the cafe in the picture at dailytech.

        • Shinare
        • 13 years ago

        y[

          • dextrous
          • 13 years ago

          A few days ago I had three charges from Skype show up on my debit card I used for steam. I don’t even have a skype account. I contacted them, and they said it looks fradulent and I should contact my bank. Is it related? No idea, but makes me wonder now…

      • quarantined
      • 13 years ago

      If this turns out to be true, then I’ll never buy anything through a service like Steam again and I can’t imagine anyone who would.

      Why can’t this kind of crap happen to those who are more deserving, like iTunes buyers? 😛

        • d2brothe
        • 13 years ago

        What kind of a statement is that…you think you’re better than itunes users?…

    • Ricardo Dawkins
    • 13 years ago

    next up on the list…Xbox Live and Marketplace.

    • PRIME1
    • 13 years ago

    Probably just another annoying CS:S player.

    • Krogoth
    • 13 years ago

    I smell a ton of BS and FUD.

    If the cracker (black hat) can do what he/she claims especially with that much $$$$$. He/she would subtlety do withdraws to his account and hush-up.

    A hacker (white hat) on the other hand would simply point out the security flaws and help Value to close them for a price.

    The latter option seems unlikely given the language and stance of the post that contents the supposed claims.

      • Xenolith
      • 13 years ago

      Looks like a job for the Feds. If he is for real, then he is a retard.

      • d2brothe
      • 13 years ago

      Heh…agreed…sounds like a dumbass to me….”shell access…everywhere”…sounds like a script kiddie :P…all talk…

      • Beomagi
      • 13 years ago

      Now where have I heard that name before? While steam is an annoying extra that must be installed to have my halflife 2 up and running, it’s not overkill, and I understand it’s use.

      I’m with you on the BS call.

      • Vertigo
      • 13 years ago

      Actually, a white hat would probably keep her mouth shut and let Valve deal with their own problems. Companies are waaay too happy to sue the bearers of bad news these days, and telling a company about a security hole and then offering to fix it “for a price” is too likely to be (mis)interpreted as extortion.

        • indeego
        • 13 years ago

        I don’t understand how that *[

        • Krogoth
        • 13 years ago

        Not if the amount is reasonable (a few hundred to thousand). If the company isn’t too cheap and stingy. They would considered the fee as a reward for the potentially devastating hole. Compared the lost from a simple “extortion” to the lost resulting attack that compromises the company’s assets.

          • indeego
          • 13 years ago

          That is extortion, I don’t care what dollar amount you find being the cutoff.

          If the ethical hacker wants to hunt bugs for money they should apply for a paid contractual position. There is inherent risk in finding exploits: you could unintentionally knock out a service or break stuff.

          Look at it from the company’s perspective: How can they trust a third party that is asking for moneyg{

Pin It on Pinterest

Share This