Steam Hacked, Credit Card Numbers Taken 141
An anonymous reader writes "DailyTech reports that Valve's Steam content distribution system has been compromised. According to the article a hacker claims to have 'bypassed Valve's security system and accessed a significant chunk of data, including: screenshots of internal Valve web pages, a portion of Valve's Cafe directory, error logs, credit card information of customers, and financial information on Valve.'"
Check your credit cards (Score:4, Informative)
Re:It's an unconfirmed claim you Irish fools (Score:5, Informative)
Re:You need to store something for monthly billing (Score:5, Informative)
Who says it was even Valve's machine that was compromised? 1UP.com [1up.com]:
Here's the full *original* screenshot (Score:5, Informative)
The pic in TFA only shows the left half of the picture.
Re:You need to store something for monthly billing (Score:1, Informative)
Internet-->Firewall-->Processingserver-->Firewall
The only open INCOMING port on "Billing" is the port that records billing information; the only outgoing port is the one that tells the processing server to send mail to such and such.
Also, use end-to-end encryption!
Re:Wii points? (Score:4, Informative)
The other reason for the points system is to be able to set a single global price for content. I can post a piece of content for 800 points and tell people about that without having to convert it to a whole bunch of other currencies. Microsoft then sells points at some constant exchange rate for each country. This keeps content prices from fluctuating everywhere outside the US (compared to making the content $10 USD and having the exchange rate vary).
Interview with the "HACKER" (Score:2, Informative)
The source? [fpsbanana.com]
The interview [freenationfoundation.org]
Please, read the forums at freenationfoundation.org so you all get an idea what goes on in these "hacker's" minds.
They really need your help.
-SJ
Looks like the "hacker" is full of crap (Score:2, Informative)
Re:Another, eh? (Score:2, Informative)
I've used Verified by VISA a number of times now (and have dealt with a number of on-line merchants which will only accept payment through it) and it's really quite simple. First of all, you need to tell your bank (I did it through its on-line banking interface) that you want to enable VFV on a given card.
Now, the way it's implemented in my country (don't know if it differs on other countries) is: you then stipulate a password for the VBV system for that card, and an overall daily "allowance" for VBV operations on that card (ie, the total daily amount you're willing to allow your card to be charged through VBV).
Then, for each transaction, you generate a virtual card on-the-fly (stipulating a specific limit for that card) which is good for one, and only one, transaction (after which it becomes unusable) and expires within a month (in case the merchant takes too long to charge you for the transaction). In my case, there's even a toolbar/FF extension-like program you can download, enabling you to generate the virtual card with just a few clicks without having to open a new tab/window/whatever. Which means the vendor/seller never gets his hands on your CC number/account. And he can only charge you for the amount you enabled the VCC to pay for, and not a penny more.
Now, like the GP said, it won't do for monthly/cyclical payments (as you can only use each card once), but for purchases on an unknown vendor/site, it's pretty handy.
Plus, the whole system is completely transparent and lightning-fast. You can create a VBV account (which you can manage through your bank's on-line banking system), delete it, change access password, change daily allowance, create and cancel virtual cards (on the VBV site), all within seconds of each operation. And all of this without paying a single fee.. You only pay what you charge to your card, no added cost.
Which means, at least to me, that it's more than just an added level of security.. First of all, it's a new card for each transaction.. And, because those cards expire within a month of their creation, the system can re-utilize them on a cyclical base (after all, the cardholder's name won't be the same, as well as the 3-digit security code). A card that you can cancel at any time (if it hasn't been charged yet, that is). All through a (secure) system that requires you to use a password (that you choose) and a username that your bank generates (not just the "cardholder's name/CC number/CVV2 security code" combo), all while still enjoying that same "chargeback if you've been ripped off" protection you get with traditional CCs.