Sunday, November 13, 2011

Steam was hacked... but how did it happen?

As you all probably know, Steam was hacked. Well, the forums were, which allowed the hackers to access the Steam database and retrieve all types of sensitive information.

So how did they do it? Let's break it down.

Steam runs an old version of vBulletin, 3.8.7 I believe. Anyway, vBulletin has always been prone to vulnerabilities such as RFI (remote file inclusion) and SQLi (SQL injection), so Steam made a poor decision by choosing to use this forum software. Hackers then took advantage of this vulnerability and got all the information they needed.

This could easily have been avoided in two ways. One, if they hadn't used the same MySQL server as they do for the actual Steam accounts, the hackers could not have had access to the information. Two, Steam should not have been using vBulletin when better forum software like MyBB is out there.
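A check for the shared-database exposure described above, as an added example that is not part of the original post: it parses `SHOW GRANTS` output for a forum's MySQL account and flags any privilege that reaches beyond the forum's own schema. The account name, schema names and grant lines are constructed for illustration.

```python
import re

# Shape of the lines MySQL prints for SHOW GRANTS, e.g.
#   GRANT SELECT, INSERT ON `forum`.* TO 'forum_app'@'10.0.0.5'
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.IGNORECASE
)

def parse_scope(scope):
    """Split `db`.`table`, `db`.* or *.* into (db, table) without backticks."""
    db, _, table = scope.partition(".")
    return db.strip("`"), table.strip("`")

def audit_grants(grant_lines, allowed_schema):
    """Return (privileges, scope) pairs that reach outside allowed_schema."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a GRANT line (blank line, header, etc.)
        privs = m.group("privs").strip()
        scope = m.group("scope")
        # USAGE means "no privileges"; MySQL lists it on *.* for every account.
        if privs.upper() == "USAGE":
            continue
        db, _table = parse_scope(scope)
        # db == "*" is a server-wide grant; any other name is another schema.
        if db != allowed_schema:
            findings.append((privs, scope))
    return findings

# Constructed sample: a hypothetical forum account on a server that also
# hosts a hypothetical `accounts` schema holding customer data.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'forum_app'@'10.0.0.5'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `forum`.* TO 'forum_app'@'10.0.0.5'",
    "GRANT SELECT ON `accounts`.* TO 'forum_app'@'10.0.0.5'",
]

if __name__ == "__main__":
    for privs, scope in audit_grants(SAMPLE_GRANTS, "forum"):
        print(f"forum account can reach outside its schema: {privs} ON {scope}")
```

An empty result means an injection through the forum account is limited to the forum's own tables; any finding is a path from the forum to data it has no reason to read.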


If you have made any purchases on Steam, I suggest you check your credit card more often to make sure there aren't any weird purchases on there.
