Go Back   Steam Users' Forums > Steam Discussions > General Steam Discussion

Reply
 
Thread Tools Display Modes
Old 11-11-2011, 07:07 PM   #1
Crunchwrap
 
Banned
Join Date: Dec 2010
Reputation: 471
Posts: 851
Exclamation Double standard on Sony and Valve's hacking incidents

I remember when the Sony hack took place a while back, there was an uproar. On gaming sites throughout the blogosphere, people were raging hard at Sony for being so incompetent at losing everyones personal information due to their inefficient security (some databases they used weren't even being kept updated). They were angry, and rightly so. The hack had huge ramifications for everyone who had an account on the PS Network, as people had to spend a ton of money canceling their credit card info (fraudulent purchases were starting to show up). It was so bad, there was even a class action lawsuit against Sony, not only to cover banking expenses, but also for the aggravation/stress of having a company you trust lose all your private info so carelessly.

Now, the exact same thing has happened to Valve. Yet, the uproar (if any) has been extremely limited simply because "people just like Valve". I find that idea to be absolutely unacceptable. Liking a company or not is no excuse not to speak out when they've done wrong. If Valve security was really that bad and inefficient, then there should be a public outcry. There should be demands made for an explanation from Valve, and assurances that their security will be updated (just as Sony did), and possibly some compensation. So far, Valve have not even done this. This double standard I've noticed when you compare the Sony incident with the Valve one is shocking and also quite telling of the mindset of some people who have no qualms with having all their info stolen as long as they "like" the company in question.

Edit: For some people in this thread saying "Valve's information was encrypted, Sony's wasn't". This is a not true.
Sony's credit card information was encrypted, same as Valves: http://www.pcmag.com/article2/0,2817,2384561,00.asp

Also, according to the official statement, it seems only your password and credit card number were encrypted. The rest wasn't.
"Intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."

Unless I'm mistaken, it seems your username, game purchases, email address, and billing address is now in the hands of the hackers. That's more than enough for a person to exploit for malicious purposes.

Last edited by Crunchwrap: 11-16-2011 at 11:17 AM.
Crunchwrap is offline  
Reply With Quote
Old 11-11-2011, 07:09 PM   #2
Reebdoog
 
Join Date: Nov 2004
Reputation: 1934
Posts: 1,223
What's different, is Valve actually encrypted the Data, Sony didn't.
Also, Sony took much longer to report what happened.
Plus, Valve has a much better standing with the community than Sony ever did.
Reebdoog is offline   Reply With Quote
Old 11-11-2011, 07:09 PM   #3
GirlPower23
 
 
 
Join Date: Feb 2009
Reputation: 8512
Posts: 10,714
Sony = Putting information in a non-secure place, month+ Downtime.

Valve = Encrypted vital information, no downtime.

There is no double standard. /thread
GirlPower23 is online now   Reply With Quote
Old 11-11-2011, 07:13 PM   #4
Crunchwrap
 
Banned
Join Date: Dec 2010
Reputation: 471
Posts: 851
Quote:
Originally Posted by Reebdoog View Post
What's different, is Valve actually encrypted the Data, Sony didn't.
Also, Sony took much longer to report what happened.
Plus, Valve has a much better standing with the community than Sony ever did.
Quote:
Originally Posted by GirlPower23 View Post
Sony = Putting information in a non-secure place, month+ Downtime.

Valve = Encrypted vital information, no downtime.

There is no double standard. /thread
Neither of these are excuses.
By the way, if I recall correctly, Sony had their credit card database encrypted, same as Valve have. The username/password database was stored in a less secure non-encrypted way. That didn't stop the class-action lawsuits and public outcry.
Crunchwrap is offline   Reply With Quote
Old 11-11-2011, 07:14 PM   #5
TFC
 
 
 
Join Date: Jun 2011
Reputation: 51
Posts: 253
The 2nd and 3rd post just struck the nail on the head. (if thats how you say it)

/thread

EDIT:
Quote:
Originally Posted by GirlPower23 View Post
Sony = Putting information in a non-secure place, month+ Downtime.

Valve = Encrypted vital information, no downtime.

There is no double standard. /thread
You may not have read that part OP.
TFC is offline   Reply With Quote
Old 11-11-2011, 07:15 PM   #6
crispy animal
 
Join Date: Sep 2010
Reputation: 45
Posts: 491
I hate Sony, I dont hate Valve/Steam. Simple
crispy animal is offline   Reply With Quote
Old 11-11-2011, 07:16 PM   #7
Crunchwrap
 
Banned
Join Date: Dec 2010
Reputation: 471
Posts: 851
Quote:
Originally Posted by TFC View Post
The 2nd and 3rd post just struck the nail on the head. (if thats how you say it)
Nope, they didn't.

Sony's credit card info was encrypted, same as Valve's. Link: http://www.pcmag.com/article2/0,2817,2384561,00.asp

The situation is the same.
Crunchwrap is offline   Reply With Quote
Old 11-11-2011, 07:17 PM   #8
Foojo
 
Join Date: May 2009
Reputation: 45
Posts: 647
Put me on the "There isn't a double standard" list. The two companies handled it completely different.
Foojo is offline   Reply With Quote
Old 11-11-2011, 07:18 PM   #9
sackofballs
 
Join Date: Nov 2008
Reputation: 9
Posts: 126
According to Gaben's announcement, Valve hashes+salts our passwords and our CC#'s are encrypted. According to a screenshot of an email (it could have been doctored) Valve encrypts all CC#'s using AES256, which is good enough.


Sony on the other hand makes no attempt to encrypt user information, and was completely evasive when questioned.

As of now, Valve has done no wrong, and has handled the situation well. The only thing Gaben/Valve could have done is state which methods were used to encrypt/salt our information.


No room is impenetrable, no safe is uncrackable.
sackofballs is offline   Reply With Quote
Old 11-11-2011, 07:19 PM   #10
W-
 
Join Date: Jul 2003
Reputation: 423
Posts: 2,987
I think the hackers publicly released parts of the data they where able to obtain from Sony. No such information exists for steam's hack, so people really don't know what happened with valve's servers. So they can't really comment about it.
W- is offline   Reply With Quote
Old 11-11-2011, 07:20 PM   #11
zzzaap
 
 
 
Join Date: Jul 2007
Reputation: 1
Posts: 32
I find this double standard completely acceptable. It between TWO COMPANIES, not between male and female or Whites and Blacks.
zzzaap is offline   Reply With Quote
Old 11-11-2011, 07:21 PM   #12
FourTwenny
 
 
 
Join Date: Dec 2008
Reputation: 760
Posts: 5,737
Sony - Makes consoles and deals with people who game on consoles.

Valve - leading PC game distributor. Deals with people who game on pc.

Sony - Has customers quick to react, while short on thought.

Valve - Has customers who prefer to think before they act.

Sony - Has an angry mob with pitchforks and torches.

Valve - Has a group who knows enough not to go into a frenzy yet.
FourTwenny is offline   Reply With Quote
Old 11-11-2011, 07:21 PM   #13
Crunchwrap
 
Banned
Join Date: Dec 2010
Reputation: 471
Posts: 851
Quote:
Originally Posted by sackofballs View Post
According to Gaben's announcement, Valve hashes+salts our passwords and our CC#'s are encrypted. According to a screenshot of an email (it could have been doctored) Valve encrypts all CC#'s using AES256, which is good enough.


Sony on the other hand makes no attempt to encrypt user information, and was completely evasive when questioned.
Again, more misinformation. Did you not see the link I posted above? Sony's credit card info database was encrypted as well, just like Valve's has been. Did that stop the public uproar against Sony? Did they stop the class action suits? No, people were still angry, and rightly so.
And there were some reports of fraudulent charges showing up on some peoples accounts.
Crunchwrap is offline   Reply With Quote
Old 11-11-2011, 07:21 PM   #14
Washell
 
 
 
Join Date: Oct 2009
Reputation: 7888
Posts: 7,887
Quote:
Originally Posted by Crunchwrap View Post
Neither of these are excuses.
By the way, if I recall correctly, Sony had their credit card database encrypted, same as Valve have. The username/password database was stored in a less secure non-encrypted way. That didn't stop the class-action lawsuits and public outcry.
PSN's security relied on a root key stored in each console. That root key was revealed in January, yet SONY did not shut down their network to redo their security. In April, 3 months later, it was breached. It wasn't a matter of if, but when. That's borderline criminal negligence.

No such negligence is assumed or expected in Valve's case.
Washell is offline   Reply With Quote
Old 11-11-2011, 07:22 PM   #15
Foojo
 
Join Date: May 2009
Reputation: 45
Posts: 647
Quote:
Originally Posted by FourTwenny View Post
Valve - Has customers who prefer to think before they act.

Valve - Has a group who knows enough not to go into a frenzy yet.
Have you read these forums much?
Foojo is offline   Reply With Quote
Reply

Go Back   Steam Users' Forums > Steam Discussions > General Steam Discussion


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -7. The time now is 12:13 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site Content Copyright Valve Corporation 1998-2014, All Rights Reserved.