SteamDB.info discovered that the Heartbleed bug is currently affecting steam. Here you can read what this bug exactly is. It's long yeah I didn't read it either. But here is what SteamDB.info says about it:

  • We recommend NOT using any Steam services until Valve issues a fix for a recently discovered vulnerability. We've contacted them about it.

  • It's a dangerous issue to everyone, it's more dangerous for developers because they deal with more sensitive content.

  • We'll inform you when it's fixed, and it's better to not do anything at the moment including logging off sites.

Lets hope they fix it fast, but for now; don't login or logout anywhere with your Steam acount! The only other, known, big player who is affected by this bug is Yahoo (Tumblr?).

Source

10 years ago*

Comment has been collapsed.

Let's make an army of magical unicorns and and fight against this Hearthbleed Bug!

10 years ago
Permalink

Comment has been collapsed.

it's pretty ironic that you say this on a site where you login using steam

10 years ago
Permalink

Comment has been collapsed.

Magic

10 years ago
Permalink

Comment has been collapsed.

I don't think that word means what you think it means.

10 years ago
Permalink

Comment has been collapsed.

maybe...

10 years ago
Permalink

Comment has been collapsed.

One of the steamforum mod confirmed it that the issue have been indeed reported (and hopefully already transferred to Valve attention at the time we are speaking)

10 years ago
Permalink

Comment has been collapsed.

If any of you happen to have further update about this, please do let us know

10 years ago
Permalink

Comment has been collapsed.

The bug appears to be exploitable by sites that ask you to login through your Steam account, by being able to read chunks of the memory of the Valve server that handles your login (and thus read out the plain text password from the server's memory.)

SteamGifts itself is such a site. If you don't login to any such sites, you should be fine. I assume SteamGifts isn't a malicious site that would actually try to exploit this vulnerability ;-) Although there's always the issue of sites being compromised; for example if someone "hacked" SteamGifts, he would use the site to get Steam login credentials of users logging in.

10 years ago
Permalink

Comment has been collapsed.

and what about Steam itself?

10 years ago
Permalink

Comment has been collapsed.

Less likely to get your account hijacked. It can only happen if a site the client communicates with has been compromised.

10 years ago
Permalink

Comment has been collapsed.

This is fishy as fck... Two of my threads posting about the HeartBleed Bug were deleted (Was using my alt).... Valve you hiding something?

10 years ago
Permalink

Comment has been collapsed.

If heartbleed is true then yes they want to hide if not they just delete spam

10 years ago
Permalink

Comment has been collapsed.

noticed that too...really really od
Satoru, as always was coming up with condescending bs such as Steamdb is not affiliated with Steam yadayayada

10 years ago
Permalink

Comment has been collapsed.

Satoru loves to stick his nose into subjects where he is clearly uninformed, so it's no big surprise he'd be commenting on this particular topic.

10 years ago
Permalink

Comment has been collapsed.

inb4 Gabe take over internet.

10 years ago
Permalink

Comment has been collapsed.

yeah he infect his own site and next he gonna take internet o/

10 years ago
Permalink

Comment has been collapsed.

Hail to our new king, Gabe

10 years ago
Permalink

Comment has been collapsed.

Nooooooo..... Someone is stealing world/internet from you! (Your pic)

10 years ago
Permalink

Comment has been collapsed.

I lold :D

10 years ago
Permalink

Comment has been collapsed.

It was made 2 hours ago and has 100 comments :P

10 years ago
Permalink

Comment has been collapsed.

Well... Now I'll have time to go to YouTube ;)

10 years ago
Permalink

Comment has been collapsed.

You know there is always another site which name is ending on tube badumtsss

10 years ago
Permalink

Comment has been collapsed.

that certain tube with the name of a colour?

10 years ago
Permalink

Comment has been collapsed.

Rainbow?

10 years ago
Permalink

Comment has been collapsed.

maybe

10 years ago
Permalink

Comment has been collapsed.

:P

10 years ago
Permalink

Comment has been collapsed.

Well if it's true that this has been around for 2 years then everyone's panic and "omg don't login anywhere!!!" logic is kind of pointless. I'm sure the people who could take advantage of this already knew about it, let's face it 2 years is a very long time, and if you were gonna get hacked because of it, it would have happened already. No need to go paranoia mode about it now. It is however fishy that volvo is deleting threads on the subject.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

How do you know no one knew about it? Like they said it's been around for 2 years and exploiting it leave no trace behind so it's impossible to know one way or the other.

10 years ago
Permalink

Comment has been collapsed.

Either way, if someone did know about it, they have not taken my account. Why would they take it now?

10 years ago
Permalink

Comment has been collapsed.

Exactly. Everyone is most likely already updating to the new, exploit free, version. If it has not already it's highly improbable that this will affect you now.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

I honestly doubt that in the two years this has been around real hackers have not discovered it, even the people who revealed said weakness now said there's no way to know if and how much it has been exploited. Average Joe(you, me and everyone else posting here) is in no more danger than he usually is with this, and all the other ways hackers have of breaching your system or stealing your password. Again, i'm not saying it's not a problem, i'm just saying it's nothing to panic over.

10 years ago
Permalink

Comment has been collapsed.

but what shall we do now? Just continue as if nothing happened and hoping that nothing bad happens?

10 years ago
Permalink

Comment has been collapsed.

I would change my password, after it has been fixed for sure.

10 years ago
Permalink

Comment has been collapsed.

No, i'm just saying it's pointless to start panicking and spreading panic.

10 years ago
Permalink

Comment has been collapsed.

steamcommunity.com seems to be patched now?

10 years ago
Permalink

Comment has been collapsed.

yep, doesnt seem to be shown as affected as well as steampowered either

10 years ago
Permalink

Comment has been collapsed.

yup its ok

10 years ago
Permalink

Comment has been collapsed.

Keep calm, everyone. It isn't the end of the world... Yet.
Keep calm, and...

10 years ago
Permalink

Comment has been collapsed.

Guys, the heartbleed test shows that its all fine from steampowered and steamcommunity side

10 years ago
Permalink

Comment has been collapsed.

here

"All good, steamcommunity.com seems not affected!" :)

10 years ago
Permalink

Comment has been collapsed.

so can we conclude that its safe now?

10 years ago
Permalink

Comment has been collapsed.

Try it multiple times.

10 years ago
Permalink

Comment has been collapsed.

There are load issues causing FALSE NEGATIVES. steamcommunity.com IS VULNERABLE.

10 years ago
Permalink

Comment has been collapsed.

The issue here is that when a fix goes out for a issue like this they are effectively telling the hackers what to do on unpatched systems. Any major site like steam would have known about this a long time ago and if you are feeling paranoid just give them the few hours to get the fixes rolled out today. The real danger is going to be on sites 4 months from now that never updated and you have already forgotten this bug existed.

10 years ago
Permalink

Comment has been collapsed.

Internet never forget

10 years ago
Permalink

Comment has been collapsed.

people do.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 2 years ago.

10 years ago
Permalink

Comment has been collapsed.

It WAS leaked. It wasn't supposed to be publicised yet.

10 years ago
Permalink

Comment has been collapsed.

Anyway, it seems to be okay now (if it was ever bugged from Steam side to begin with)

10 years ago
Permalink

Comment has been collapsed.

so its "safe" to go on steam and play games again?

10 years ago
Permalink

Comment has been collapsed.

well both sites are shown to be safe according to the heartbleed test

10 years ago
Permalink

Comment has been collapsed.

Im not 100% sure but yes

10 years ago
Permalink

Comment has been collapsed.

I will wait a bit more just to be sure :p

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

10 years ago
Permalink

Comment has been collapsed.

It looks really fishy.

10 years ago
Permalink

Comment has been collapsed.

according to this site its already fixed http://possible.lv/tools/hb/?domain=steampowered.com

10 years ago
Permalink

Comment has been collapsed.

It's not on community server

10 years ago
Permalink

Comment has been collapsed.

steamcomunity came up as fine too, from the heartbleed test

10 years ago
Permalink

Comment has been collapsed.

webtest is buggy

10 years ago
Permalink

Comment has been collapsed.

any security steps needed right now or what? Im kinda puzzled of what to do now..

10 years ago
Permalink

Comment has been collapsed.

Upgrade your browsers, phones etc. if they use openssl.

This works both ways server can steal your computers data too.

10 years ago
Permalink

Comment has been collapsed.

I mean from the perspective of a steam user: anything I should do?
I obviously have a strong password, decent anti virus+ firewall+anti spyware, i do make system updates often and the usual..

10 years ago
Permalink

Comment has been collapsed.

Just update program using OpenSSL when there is update available.

This isn't as serious as server-side, because you need to connect to server that tries to abuse this.

Firefox & Chrome use NSS and IE uses SChannel for SSL so these are not vulnerable :)

10 years ago
Permalink

Comment has been collapsed.

From what i can understand it's not something that you the end user can do much about. It's all down to websites/service providers to upgrade their software. Only thing i'm worried about is yahoo's apparent lack of reaction to this, their mail service and website is labeled as vulnerable right now...

10 years ago
Permalink

Comment has been collapsed.

Fuck,steamcommunity is once again showed up as vulnerable

10 years ago
Permalink

Comment has been collapsed.

I would think everyone here has SteamGuard enabled, so even if this was true and they got our passwords, they wouldn't actually be able to access our accounts, no? I don't get it.

10 years ago
Permalink

Comment has been collapsed.

what the heck, each time I reload the heartbleed test, it show it as vulnerable and then safe and then vulnerable again...

10 years ago
Permalink

Comment has been collapsed.

Because, as others have pointed out, there are load issues giving false negative results.

10 years ago
Permalink

Comment has been collapsed.

thats what i would guess too
however, what should be take as statement then? that its safe or not?

10 years ago
Permalink

Comment has been collapsed.

well if only the negatives are false results then it means it's not actually safe (yet).

10 years ago
Permalink

Comment has been collapsed.

Ha, posted a thread asking why "Certain threads mentioning a certain bug are getting deleted"....I didnt mention heartbleed in it, was very respectful about it, didnt use any swear words....and it got deleted in 4 minutes.

10 years ago
Permalink

Comment has been collapsed.

this is absolutly ridiculous. I really dont know what to think about all of this

10 years ago
Permalink

Comment has been collapsed.

Most likely they're trying to keep people from panicking, tho they are doing it in a very stupid way that might lead to even more panic...

10 years ago
Permalink

Comment has been collapsed.

yep

10 years ago
Permalink

Comment has been collapsed.

Might be to keep people from using the exploit themselves. More people that know about it, the more people that will use it.

10 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 3 years ago.

10 years ago
Permalink

Comment has been collapsed.

Considering the news about it is more or less all over the internet it would be stupid to classify it as "just some stupid idea" however, since it's been around for 2 years already i see no reason to panic. If you do wanna be safe about it you can always unplug your internet for a few days until it all blows over and everything updates to the new, exploit free, version.

10 years ago
Permalink

Comment has been collapsed.

The minimum that i would await from the PR of Valve (if they have any person assigned to that) to make some sort of oficial statement about this instead of trying to silence people. I mean come on, were not that dumb, we know something is very wrong

10 years ago
Permalink

Comment has been collapsed.

Yeah, how do we know what the hell to do right now ? keep us informed damn it -.-'

10 years ago
Permalink

Comment has been collapsed.

Moderation is done by volunteers and they probably don't have rights, but just try to prevent abusing.

10 years ago
Permalink

Comment has been collapsed.

Closed 10 years ago by Jurjee.