Credit Card Details Stolen. Are You in Danger?

[-smash-]

No, you're not.[br]Halflife2.net has known about this supposed hacking situation since the day the alleged hacker, MaddoxX, first revealed on his website that he had broken into Valve's extremely sensitive customer information base, and threatened to release thousands of customer credit card information. But because the story was not 100% solid, we felt no inclination to reveal to the public of the matter because speculation on something of this magnitude would have been devastating to Valve in their early stages of investigating the issue - We only notified Valve directly of the situation.[br]MaddoxX (his website will not be linked) apparently gained access to a third-party website Valve uses to manage their Cyber Cafe customers and their assets. This website contained billing information from the Cafe program, but it has no direct tie with Steam. MaddoxX claimed to be in possession of thousands of Steam user credit card information, and threatened to release them to the public after he "finished preparing the excel sheet." Turns out, he was never in possession of such information - He only had card details of Steam Cyber Cafe owners.[br]Valve has released an official statement:http://forums.steampowered.com/forums/announcement.php?f=14

There has been no security breach of Steam. The alleged hacker gained access to a third party site that Valve uses to manage the commercial partners in its cyber cafe program. This cyber cafe billing system is not connected to Steam. [br]We are working with law enforcement agencies on this matter, and encourage anyone with more information to email us at [email protected].

 

[63]

Why bother posting this at all then? Take him out of the spotlight, it's exactly what he wants.

 

[-smash-]

Why bother posting this at all then? Take him out of the spotlight, it's exactly what he wants.

He's a liar. That's the point I'm making. It's subtle, but it's the message.[br]And many people have seen other news sites claiming that MaddoxX truly was in possession of CC info, and many were accusing Valve of keeping it a secret to their customers when sensitive information was at risk (Which is apparently illegal thanks to a California State Bill). This is here to enlighten those people.

 

[63]

What news sites? This is the first time I have heard of this issue. Btw, I'm MaddoxX.

 

[-smash-]

What news sites? This is the first time I have heard of this issue. Btw, I'm MaddoxX.

• STEAM Hacked, User Credit Cards May be at Risk
  @ Dailytech
• Half-Life hacker holds Valve to ransom
  @ The Inquirer
• Counter Strike firm in credit card hack claim
  @ The Register
• Valve Hacked
  @ SB2/ForumDog
• STEAM Hacked
  @ EggXpert / Newegg
• Steam Hacked - Cafes At Risk, User Credit Cards Next?
  @ Internode Games Network
• Steam Hacked, Credit Cards May Be Exposed
  @ Gameworld Network
• STEAM Hacked, User Credit Cards May be at Risk
  @ reviewLAB
• Valve Hacked. Your Info may be at risk.
  @ Digg
• Steam, Punked?
  @ 1UP
• Steam Hacked, Credit Card Numbers Taken
  @ Slashdot
• Valve's Steam service hacked, credit card information obtained
  @ Joystiq
• Steam Hacked? (Updated)
  @ Shacknews
• Valve's Steam Hacked?
  @ Actiontrip
• Steam Hacked, Credit Cards May Be Exposed
  @ Gameworld Network
• Steam Cracked?
  @ Blue's News
• Rumor: Valve Hacked, CC Numbers Stolen
  @ Kotaku

 

[63]

Never heard of them.

 

[-smash-]

Of course you haven't.

 

[<RJMC>]

the same madox that make all those articles and hate everything?

 

[Harryz]

Good to know.

 

[hool10]

Thank you for posting this. I was worried sick and kept monitoring my pre-paid cc. I have only bought 2 games off Steam but I was worried he had them. I wondered about the thread I posted in because it vanished but now I know why. Well hopefully this bastard can finally be caught. He was the major guy to put the "Emporio" HL2 beta on the torrent network. He is responsible for lots of leaks and such. He also threatened to leak HL2: Episode 1 and "other" stuff he claimed. This is going to be "hunt for the Valve hacker" all over again. The community will find the guy just like last time. Then we will find out who this guy is. Should be quite interesting on what will happen. :naughty:

RJMC-the same madox that make all those articles and hate everything?

No, no. Before I even knew who he was, I knew who "this" Maddox guy was. He's the black hat varity. I always wondered how he was never caught or why Valve never went after him. *He also likes to tease people. He often get's away with it too because he's so hard to find. This will take some work to crack this guy.

 

[Mountain Man]

This will take some work to crack this guy.

And he probably won't fall for the "We'd like to interview you for a job" trick, either.

Still, Valve has proven themselves very tenacious when it comes to tracking down and prosecuting these low-lifes, so I hope this "MaddoxX" cocksucker enjoys living every day having to watch over his shoulder.

 

[Ennui]

I TOLD YOU VEGETA
Next time don't yell at me for 20 minutes in AIM about how THE PEOPLE HAVE A RIGHT TO KNOW THAT THEIR CREDIT CARD INFORMATION IS IN DANGER!!!11

To the couple of people whose threads we deleted about this in the past couple weeks, sincere thanks from the staff for being so understanding about it

 

[DuB]

I was wondering if/when you guys would post about this and IMO you guys did well not to post during the hype for two reasons, one was not to give this kid anymore spotlight.

 

[MiccyNarc]

That's highly interesting. I used to use my parent's credit card number to buy games off of steam, about 2 days ago it was used to sign up for a dating site, incurring 3 $100 charges. We cancelled it immediately and are trying to figure out how it was stolen. Are we certain no Steam user's credit cards were accessed?

 

[Ennui]

I believe we are relatively sure, but don't quote me on that. I just feel inclined to point out that credit card fraud is pretty common, it's happened to my family as well.

 

[Iced_Eagle]

I love the email address

Anyways, I'm hoping Valve gets him. He's done nothing but become a real thorn in Valve's side.

 

[§amW]

They question is:
Does valve even keep credit card numbers?
I can see why they have cyber cafe card numbers because thier bill is re-occuring.
But user creditcards have no place in valve computers.

 

[Gusdor]

the same madox that make all those articles and hate everything?

Yes - he is awesome

 

[Pi Mu Rho]

Yes - he is awesome

No, it's not the same person.

 

[Jintor]

They question is:
Does valve even keep credit card numbers?
I can see why they have cyber cafe card numbers because thier bill is re-occuring.
But user creditcards have no place in valve computers.

Eh? I mean, it's a way to pay for games over Steam. Duh they use credit cards.

/EDIT Oh, I didn't read the question properly.

 

[Ennui]

They question is:
Does valve even keep credit card numbers?
I can see why they have cyber cafe card numbers because thier bill is re-occuring.
But user creditcards have no place in valve computers.

I'm not sure it's even legal to store CC information without asking in the first place, so I highly doubt it, but I definitely don't know one way or the other for sure.

Yes - he is awesome

Yeah, real intelligent deduction, Maddox - who has published a book and actually makes money off his site - probably hacks on the side, using the same name, but somehow hasn't been arrested yet. It's obviously not the same person...

 

[Rapstah]

I knew it was fake from the start. When buying a game, Steam tells you that your credit card information isn't stored at all.

I think. D:

 

[Asknoone]

Here's to hoping the silly little prick gets what's coming to him.

I TOLD YOU VEGETA
Next time don't yell at me for 20 minutes in AIM about how THE PEOPLE HAVE A RIGHT TO KNOW THAT THEIR CREDIT CARD INFORMATION IS IN DANGER!!!11

There's a surprise. :|

 

[hool10]

Valve doesn't store your cc on their servers just in case this happens. It's handled by the cc company and it's their problem not Valves. Hopefully no real damage is done anyways. I'm buying L4D and Episode 2 off Steam anyways.

 

[Zips]

I still don't believe the full truth is being told by Valve on this one.

 

[Pi Mu Rho]

Of course not. Valve are just trying to suppress the truth! Maddox is a glorious freedom fighter, determined to restore the rights of the downtrodden end user!

 

[PimpinPenguin]

Anyone noticed that his forum has gone down since Valve said he was lieing.

 

[Formaldehyde]

I also smell some bullshit here.

First of all, there was no harm done. The bottom line is, thanks to this guy, valve became aware of a security breach that would otherwise remain unnoticed and now will probably get fixed.

Second... if he was "threatening" to release the CC information, that must mean he was asking for something in return... like, blackmail. What was it? Why don't we get the complete details of the story? It's pretty easy to just form a moralist opinion and point the finger to the guy and say "evil hacker". Not that I'm defending the guy, he was wrong for sure, but I don't trust valve on this one either. They're hiding something. Why would the guy just keep threatening to disclose the information for absolutely no purpose like a dumbass? Like.. "hey valve... I will post the CC information... TOMORROW!!". Either he would disclose the information, or he wouldn't.

It's more likely it went down like this:

1 - Hey valve, I don't have any CC information to disclose, but you have a security breach that I thought you should be aware of.

OR

2 - Hey valve, I have all your clients CC information, unless you give me lots of money I'm going to disclose everything.

I think valve is just throwing a hissyfit and trying to show some work because all in all this is the second time this guy alone managed to be smarter than their whole team. Or not, who cares. But I still think the official story we're being told is probably not exactly how it happened...

 

[Asknoone]

Someone hasn't bothered reading.

 

[Xendance]

I, also, was rather worried about this. Thanks for enlighting me.

 

[Pi Mu Rho]

I also smell some bullshit here.

First of all, there was no harm done. The bottom line is, thanks to this guy, valve became aware of a security breach that would otherwise remain unnoticed and now will probably get fixed.

Second... if he was "threatening" to release the CC information, that must mean he was asking for something in return... like, blackmail. What was it? Why don't we get the complete details of the story? It's pretty easy to just form a moralist opinion and point the finger to the guy and say "evil hacker". Not that I'm defending the guy, he was wrong for sure, but I don't trust valve on this one either. They're hiding something. Why would the guy just keep threatening to disclose the information for absolutely no purpose like a dumbass? Like.. "hey valve... I will post the CC information... TOMORROW!!". Either he would disclose the information, or he wouldn't.

It's more likely it went down like this:

1 - Hey valve, I don't have any CC information to disclose, but you have a security breach that I thought you should be aware of.

OR

2 - Hey valve, I have all your clients CC information, unless you give me lots of money I'm going to disclose everything.

I think valve is just throwing a hissyfit and trying to show some work because all in all this is the second time this guy alone managed to be smarter than their whole team. Or not, who cares. But I still think the official story we're being told is probably not exactly how it happened...

Except Maddox actually said that he'd disclose the CC detail if Valve didn't update their site to say "we've been compromised". Blackmail. That's what Maddox himself said. Stop making up conspiracies.

 

[Formaldehyde]

Oh, sorry about that, my favorite HL2 news site (this one) never mentioned any of this.

 

[Zips]

Of course not. Valve are just trying to suppress the truth! Maddox is a glorious freedom fighter, determined to restore the rights of the downtrodden end user!

Oh come now, there's far too many holes in the statement from Doug to say unequivocally that all customer's information is 100% secure. Maybe if they said that they don't store non-cafe owners information that'd be more reason to not really get up in arms about this.

 

[hool10]

Everybody should stfu about their own conspiracy theories. First off the only time that Valve has lied to us was the initial HL2 release date. They realized what they did and promised to never do it again to the community. You think they are holding conspiracy theories against the community? Valve values you more than anything else because you are the one who buys their games and tells other people about their games too. They would'nt hold out anything on the customer. Maddox says he tried to tell Valve about the security and Valve doesn't listen (which I'm sure they were investigating). So what, he took matters into his own hands?! And no harm done yet so it's ok right? Wrong. This guy can sell your cc for a price if he wants to. As I will repeat again Valve under no circumstance will hide anything from you! Some of you people need to get out more and off those darn steampowered forums imo. *Oh yeah don't listen to anything that Maddox says. Listen to Valve's official words instead of some "ub3r hax0r".

 

[Kadayi]

I got the impression MaddoxX was based down under from the No Steam website he and his mates had/have going on. I think they main thing he had a hard on about was a dislike of the Steam service to a pathological degree. The great thing about when you start threatening to release financial data is banks are international, and they have a vested interest in ensuring people who might make people question the safety of their money (especially when it comes to online purchases), not only get caught, but also get punished to the maximum extent (this has very little to do with Valve tbh). If the guy genuinely has stolen CC data from the Cafe users he's effectively put himself away for 5+ years, add blackmailing onto that (innocuous as it may seem) that's probably another 5 on top. 10 years in prison for a little internet notoriety...I'm not sure it's worth the trade off. No doubt he/she possessed some delusions of going 'my bad' and all being forgiven somehow, but that is wishful thinking.

 

[polyguns]

Wow, this is blowing my mind

That's highly interesting. I used to use my parent's credit card number to buy games off of steam, about 2 days ago it was used to sign up for a dating site, incurring 3 $100 charges. We cancelled it immediately and are trying to figure out how it was stolen. Are we certain no Steam user's credit cards were accessed?

This is mind blowing to me. to the guy i quoted, the article says " He only had card details of Steam Cyber Cafe owners."

if he can get that, he can get anything. your not safe anywhere. i had my number stolen, and the bank said the theives will get your number, get some hotel key cards, and generate credit cards they can use at self checkout stations.


is that amazes me is the appauling behavior of Halflife2.net in this situation. clearly they are here to serve the interests of valve and not the consumer. the information was published by various other news outlets, so it wasn't secret, or confidential, it and holding out posting this information until AFTER the investigation was complete put readers of Halflife2.net and users of steam at risk. clearly the bandit got cc info.


if only all news outlets looked out for the interests of corporations over its own consumers.....the world would be a much better place.


total fanboi move. though i might be missing something. if i am please explain.

 

[FoxFire]

clearly the bandit got cc info

Don't know how you figured that one...
I'm pretty sure VALVe doesn't store credit card information because it doesn't need to. But it wouldn't surprise me if they did.

 

[Kadayi]

If Valve stored your card details then whenever you went to purchase something new they would be listed as an option, just like Amazon list your previously used cards when you get to the payments screen. It's been a while since I purchased anything through Steam, but I'm pretty sure whenever I have, I've always had to enter the card details again, which seems to debunk the saved CC data theory. The Cafe scene is one where people have ongoing accounts so it makes sense to retain that data if the users are making regular payments, but that is run through a third party and not through Steam.

 

[Mr. Ed]

If Valve stored your card details then whenever you went to purchase something new they would be listed as an option, just like Amazon list your previously used cards when you get to the payments screen. It's been a while since I purchased anything through Steam, but I'm pretty sure whenever I have, I've always had to enter the card details again, which seems to debunk the saved CC data theory. The Cafe scene is one where people have ongoing accounts so it makes sense to retain that data if the users are making regular payments, but that is run through a third party and not through Steam.

Yeah whenever I've bought anything I've had to put in the details again.

 

[Fliko]

The stupidity of some people still amaze me from time to time