Cloud Zone is brought to you in partnership with:

Eric Berg is vice president of products at Okta. He has more than 18 years of experience across engineering, marketing and business development and has successfully driven product, business, and marketing for both early stage SaaS companies and high growth software businesses within larger organizations. Eric is a DZone MVB and is not an employee of DZone and has posted 38 posts at DZone. You can read more from them at their website. View Full User Profile

Millions of Gamers Have Their Data Stolen… Again: The Steam Breach

11.12.2011
| 5531 views |
  • submit to reddit

It’s happened – again. A major gaming network has been hacked, compromising millions of users’ information.

Last night, Steam – Valve’s online gaming service – announced that its database had been breached. The database included coded passwords, billing information and encrypted credit card information. Valve is still investigating whether this sensitive data has been cracked, but is recommending to its 35 million active users to change their passwords and monitor their credit cards closely. That’s right, 35 million active users. In case you didn’t know, Steam is by far the largest PC game-distributing platform.

Does any of this sound familiar?

Back in April, Sony’s PlayStation Network suffered from a similar security meltdown. After hackers broke into the database, Sony was forced to shut down the PlayStation Network for three months. Over 100 millions users had their information corrupted and 93,000 accounts were shutdown. Sony’s estimated loss totaled above $18 million.

And then there was the Electronic Arts attack in June. Here, hackers successfully broke into the BioWare Neverwinter Nights system – gaining access to its database of emails, mailing addresses, phone numbers, and birth dates.

Outside of gaming networks, the past six months have included major security breaches for a host of online servers. For example, LastPass was also broken into in June. The attackers accessed the LastPass database, which included email addresses and salted password hashes. For those with dictionary-derived passwords – especially if those passwords were used across multiple channels – the threat of having their data cracked was high.

It’s clear: broad-based spam phishing attacks are rampant and worse, they work. Check out the timeline of recent server hacks below, and follow the Okta blog as we continue to keep you updated with the latest regarding security breaches impacting consumers and enterprise.

Securing sensitive information online is an issue that needs to be addressed. We’ve brought this statistic up before on the Okta blog, but in light of recent events, it bears repeating: 75% of all web users use the same password for everything.

Whether it’s email addresses (work and personal), online shopping accounts, banking information or other sites, the majority of consumers are making themselves vulnerable. And when consumer servers get hacked, enterprise password security also becomes a very real concern.

If the majority of people are using the same password for everything, IT administrators have to consider that employees are bringing these same passwords to web-based company apps. For enterprise, this means a couple of things. First, multifactor authentication (MFA) becomes a crucial best practice for managing a company’s web apps. Second, IT needs to be able to monitor access to these apps from a single place.

At Okt,a we believe in a cloud-first approach. We also believe that’s important to be aware of the potential risks associated with storing information online and to make sure you’re protected. For consumers, this could mean simply varying your account passwords. For enterprise, this involves making thoughtful choices in how you manage employee access to web-based apps.

TIMELINE OF RECENT SECURITY BREACHES:



Source: http://www.okta.com/blog/2011/11/millions-of-gamers-have-their-data-stolen…again

Published at DZone with permission of Eric Berg, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)