Has Valve Been Hacked Again?

Is Valve the victim of a security breach once again? It sure seems like it. Read on for details.

by on 12th Sep, 2012

Could Valve, the company that owns Steam, have been hacked again? According to a post on modding site Interlopers, that seems to be the case.

To put things in context, here's a brief history of Valve's security breaches. In 2003, a German hacker by the name of Axel "Ago" Gembe, who was also a longtime fan and kept tabs on the development of Half-Life 2, managed to steal the game's source code. It was then leaked onto the internet, where it was available for anyone to modify, compile and play with. Gembe was eventually identified and caught by the FBI with the help of the online community.

Four years later, Valve was once again negotiating with another hacker. Someone who goes by the name "MaddoxX" on the anti-Steam website revealed that he had managed to bypass Valve's security protocols and access a significant amount of data, including:

- Screenshots of internal Valve web pages

- A portion of Valve's Cafe directory

- Error logs

- Credit card information of customers

- Financial information on Valve

Once again, with the help of the Valve community, MaddoxX, who was revealed as a 20-year-old Dutch IT student, was arrested.

Now, five years later, it seems that when MaddoxX hacked Valve, it wasn't just credit card and financial information that was stolen.

On a Russian underground forum (as recently as August 31, 2012), users were discussing and linking to the Source engine (rev: 2007) code. The poster (Skoften on Interlopers) managed to get his hands on a sample and confirms that this is the actual source code, with a "Last Modified Date" of January 2008 (which can be altered easily).

The screengrab below shows client builds for the 2007 engine:

- 2x TF2 and something called "TFC"

- Counter-Strike: Source

- Day of Defeat: Source

- Half-Life: Source

- Portal

- Portal - Multiplayer test

- Half-Life 2: Deathmatch

The Russian underground forum thread is located here (currently down). When translated, it brings a few surprising details to the table. It seems the codebase was stolen from yet another hacker by the name of "Adamix" from another data breach. Based on reports on Steam, Adamix tried to sell it, was himself hacked, and the person who hacked him made it public.

They are now speculating that this could mean two things:

- Before MaddoxX got arrested, he quickly uploaded or gave the code to someone else.

- The leak that allowed MaddoxX to get in in the first place was discovered by another party, who, thanks to their expertise, got further into Valve's network.

While the definite answer isn't known yet, it seems the source code is real and available on the internet for download. While it might be outdated, it can still be useful for mods that use it as their foundation.

Are you familiar with this situation? What do you make of all of this?

We've reached out to Valve to get a comment from their end and will update the story as it becomes available.