TL;DR
We have examined the leak sample and have determined this was NOT a breach of Steam systems.
You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at https://store.steampowered.com/account/authorizeddevices
thank fuck
Two factor auth clan
I would really like to auth my steam account with a normal TOTP app.
I know you can extract the TOTP from Steam authenticator but there’s risk involved with it.
what risk?
Doing it wrong and losing access.
Can you fallback to email pin if you lose your steam authenticator?
Yes, you can reset to email in case you break your phone or something. It’s one of the account recovery options.
Some logins now require an interactive prompt in the app instead of a TOTP code though. I see them when my IP address changes due to VPN endpoints lately.
i’ve yet to see an mfa that is as usable and streamlined as steam’s
changed my pw anyway. i don’t know, and don’t really want to know how much money i’ve got sunk into my acct, but it’s a lot
I don’t know, and don’t really want to know how much money i’ve got sunk into my acct, but it’s a lot
Oh you can know. It’s a viewable page within the menu. I’ll leave it to you to search up on where.
People need to stop acting like it’s some scary thing to know.
https://help.steampowered.com/en/accountdata/AccountSpend
Don’t just open it, see thousands of dollars spent, react like it is some huge expenditure and close it without thinking things through. Don’t forget that the account is years old and when you do some simple division it going to come out to $30 a month or some number that is reasonable for you to spend on a hobby that you have spent hundreds to thousands of hours enjoying.
I also pro-rate the value of my games like this. For instance, Helldivers 2: paid $39.99 (€35,76), played 537 hours. That’s $0.001 (€0,0012) or 1/10th of a cent per hour of play. Even if I add $2000 (€1.788,61) for the PC I play on that still only comes to $3.79 (€4.24) an hour.
Hard to beat that price per hour of entertainment.
My Steam spend over the lifetime of my account comes to $25 (€27,97) a month which is a decent monthly entertainment cost. Of course that doesn’t account for additional spending on other entertainment but putting the total spent amount in perspective is definitely good to do, so thanks for pointing that out for those who need it.
Edit: added € costs
For context, my account is over 15 years old, it has over $6k spent, and almost all of that is in the last decade. And it still comes out to under $50 a month, with thousands of hours played across a bunch of games.
For comparison, I know people who spend much more on their hobbies with car, bicycle, home theater equipment, etc. each year
I also have an old account with ~$6,000 USD on it. I don’t worry about it so much. Also, I don’t think it includes when a game was purchased on sale, because on my account I have one of the Star Wars mega bundles that came with like 20 classic Star Wars games, but it says it was like $220 or something. I absolutely bought it when it was on sale, and not when it was full priced, because that money would fund Disney and I don’t want to fund Disney any more than I feel is absolutely necessary. So some of the prices may not be reliable with what was actually spent. (After manually adding up the purchase, I only spent ~$59 USD on the bundle which I bought in 2018).
By comparison, I have put ~$10,000 USD into my car, with $7,000 on the engine alone. So seeing the $6,000 might have been scary initially, but given the value of the dollar, I am kinda surprised the number wasn’t bigger.
Also, my account is old enough that it doesn’t include anything from before 2016? or some year like that.
One could probably also factor in hardware costs. But over years it may not be as bad as suspected like you’re expressing.
When I calculate the “time of fun per euro spent” I’m always shocked how cheap videogames are. Even something like the new Doom, which is 70 euros for 16 hours of play, comes down to €4.40 per hour (or just under 14 minutes per euro). And we consider that ridiculously expensive for a “short” game.
Try doing anything for < €5 per hour.
Then I look at something like Warhammer total war, and I’m up to 132 minutes per euro spent
There is also the cost of power and computer hardware to factor in, which probably raises the barrier to entry, but you’re right. Once you have all the equipment or have it anyway for other purposes, it’s very cheap.
Yeah, but that’s mostly because it’s lumpsum. Over time, it’s not much at all.
I’ve had my account since Portal was released, so that’s around 20 years ago? Frankly I’d be shocked if I’ve spent even $1k and over 20 years? That doesn’t sound too bad. Almost everything I’ve bought has been on sale, or fairly inexpensive to begin with.
So far it either sounds like they are replaying the message, or it’s just a (partial) list of numbers that used steam. Might be good for targeting, but that is about it. They would have to know the associated account to do any intercept attacks.
This is why on steam I don’t store my credit card information, nor on basically any other site that I can get away with it.
Yeah it is a pain in the ass for the times I want to buy something, having to put it the card details every single time, but it’s worth my peace of mind if a breach happens. By this point I have memorized my card numbers so it’s not too awful of a pendantic habit now.
Just accidentally memorize it from having to manually pay a bunch of bills online in a short span!
It’s a credit card, you can dispute charges and will likely get a refund.
I’ve done it a few times for different reasons.
So have I, but weigh that against the hassle of needing to call and be on hold and so on. Let alone the additional burden of knowing I have to stay on top of checking my statements for fraudulent charges
I’d rather avoid all that by never letting it grow to be a problem
I’ve always done it on the app, no phone call or chat. But regardless, it’s not like it’s going to happen. I have my cc info (and throwaway cards like privacy.com) in several websites and nothing like this ever happened. All times I’ve requested a refund was due to the service/product not being what was promised, not due to a data leak. The convenience definitely beats the risk.
i use privacy.com with a virtual card with a vendor lock and max limit. it also helps remind me when I’m spending too much there … 😂
Yeah, but you lose out on credit card rewards, aka free money, going that route.
I’ve used them a couple times where my privacy was worth more, and once where I didn’t want a company having a card to put recurring charges on
Technically it costs money even if their fees are forgettable.
That’s nice, but their refusal to support linking to credit cards made me abandon using their cards.
That’s for a very good reason that they don’t allow that.
If it was allowed it would be a wet dream for credit card churning
Most banks will offer virtual cards. You can use those instead of your actual card number, and if they get stolen you just cancel that virtual card, but your account is untouched.
I only use those for short term and set them to expire after a month or however long I need them for on that site. Great way to make sure I don’t auto renew anything and if it gets stolen it’s already expired. As long as it’s a credit card even if there is fraud they pay you back instantly. Never ever store a debit card anywhere.
