Why are the Steam forums offline?

By Wesley Yin-Poole Published 7 November, 2011

Some users spammed with in-game hack emails.

The Steam forums are currently offline.

"The Steam Forums are temporarily offline for maintenance," a message on Steampowered reads. "Your patience is appreciated."

Valve is yet to comment on the situation, but some users have reported what looks like a breach that occurred last night.

Eurogamer was contacted by one Steam user who said a group changed the text on the forum and spammed some users' email addresses.

Images, below, show the forum redesigned slightly to contain a message from FknOwned.com, a website that offers video game hacks.

And emails from Steampowered.com were sent to some users containing the following:

"Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks? Visit [removed domain] It's safe, secure and undetected.

"Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think.

"Thanks again, the fkn0wned team."

At this stage there is no evidence to suggest that users' details have been compromised, or that Steam accounts have been breached.

The problem may only relate to the vBulletin forum software Valve uses for Steampowered. However, there may be an issue if gamers use the same username and password combination for the Steam forum as they do for Steam itself.

Eurogamer has contacted Valve for comment.

Picture of Wesley.

About Wesley Yin-Poole

Wesley is Eurogamer's news editor. He likes news, interviews, and more news. He also likes Street Fighter more than anyone can get him to shut up about it.

Read more articles from Wesley by visiting the Wesley Yin-Poole archive page.

You may also like...

Comments (18) Latest comment 7 months ago

Comments for this article are now closed, but please feel free to continue chatting on the forum!

  • Darren #1 7 months ago

    Thanks EG. At least I now know why I couldn't get on the Steam forums this morning. Damn bloody hackers, don't they have anything better to do?

  • Scopeh #2 7 months ago

    I guess steam got Punked.

  • neilka #3 7 months ago

    HL3 delayed by another three years.

  • bobfish09 #4 7 months ago

    vBulletin seems to be getting hacked everywhere :(

  • Der_tolle_Emil #5 7 months ago

    vBulletin versions getting hacked is bad, but open-source software will always have this problem. Luckily vBulletin uses a clever way to encrypt the users' passwords. What we have seen here is a simple (in relative terms) SQL injection - luckily vBulletin has a clever way of encrypting users' passwords so even though the hackers had access to the database they probably cannot to anything with the passwords. You also need to access files from the vBulletin installation to at least get a chance of cracking the encrypted passwords since the encryption salt is stored in the config files.

    So while this is of course bad (they probably took the email addresses) at least the forum user accounts will be safe.

  • jaywalker3010 Verified Mastering Manager, Square Enix #6 7 months ago

    so you `remove` the domain name on your write up, but its clearly visible in the image so not can easily be followed, OH and its mentioned just a few lines above :) nice
    Edited by jaywalker3010 at 07/11/11 @ 12:24

  • Eisenstein #7 7 months ago

    @Der_tolle_Emil
    Why would open-source software "always have this problem"?

  • Sharzam #8 7 months ago

    Its times like these iam glad that steam is seperated from the forums, althourgh other times its bloody annoying.

    I doubt our actual steam accounts are in trouble anyway due to the security features built into steam these days.

  • AiusEpsi #9 7 months ago

    @Sharzam Actually probably would have been better if the forums were Steam-integrated; if authentication was handled by Steam itself, all the forum software would have had is some sort of authentication token, not real username/(hashed)password combinations. You can't divulge secrets you don't know.

  • mr_pink #10 7 months ago

    How much do you want to bet Valve didn't update their vBulletin installation with the latest security patches? This is how a big proportion of these hacks happen.

  • swelt #11 7 months ago

    FknOwned, offering CS hacks and porn. Everything the little wankers need.

  • mr_pink #12 7 months ago

    PS. Eurogamer bods - I hope you've done some robust 'penetration' testing (ahem) on the new site since launch?

  • Lusterpurge #13 7 months ago

    @mr_pink
    Well, according to the steam forums "Powered by vBulletin® Version 3.8.7"
    Considering the latest stable release is 4.1.7, I would say you are right.

  • VibratingDonkey #14 7 months ago

    I wish this was a thing that happened with more frequency.

  • Der_tolle_Emil #15 7 months ago

    @Eisenstein: Why would open-source software "always have this problem"?

    That was a poorly worded post on my part. What I meant to say was that it is somewhat easier to hack open source software compared to proprietary software because you have a much better chance of running the software your own and trying out your hacks - especially if the software run is not fully patched because you can easily go through the source code from the older and newer version and check out security related changes. It's like a documentation of how to exploit the software - if it wasn't flawed then there would have been no change. If an attacker does not know which software is being used or if it is a software that is not in use anywhere else that does increase security a bit. The code will very likely still have bugs but it's much harder to get to them because you are basically forced to use trial and error until you find a field that fails to escape user post data.

    My post wasn't to attack open source software in general or anything like that, I am running a linux server with vBulletin myself. My post was just very poorly worded because it was missing the context that I had in mind when posting it :)

  • kickerconspiracy #16 7 months ago

    I'd love to own the fkn0wned team with a fkn rusty chainsaw.

  • dammskog #17 7 months ago

    still down

  • Ezuriah #18 7 months ago

    Yeah I was wondering about that after Norton insisted L. A. Noire is infected with a virus and won't allow it to run. I contacted support days ago and no response so it looks like there's more problems than just their forum getting hacked.