• Valve resets partner logins as result of someone exploiting the "Heartbleed" bug
    72 replies, posted
[QUOTE=Bo98;44507969]Wait wait wait, I just realised that this happened AFTER developer logins were reset. That's a bit worrying.[/QUOTE] did they say they reset logins anywhere?
Well this thread is about them resetting partner logins.
it's actually an unsourced statement though. i can only confirm that i got the password change prompt (the screenshot on the OP is mine) but i have no idea if they actually invalidated all sessions.
Ah I see what you mean. I can't find anything direct from Valve. The best source I can get is SteamDB: [url]https://twitter.com/SteamDB/status/453909631883280384[/url]
yeah thing is it's not really even a forced password change. after you press 'next' the cancel button gets enabled and you can just go on with your life :v:
Haha seriously? I don't call that a reset at all. :v: That explains it.
im also told other developers (hi timmy!) didn't get prompted to change their password. weird stuff.
[QUOTE=Tamschi;44505241]It's been retracted :v: They [U]really[/U] should get new certs, it's not [I]that[/I] much work either since they can still push a client update with the old one to replace it seamlessly.[/QUOTE] The only problem with that is how (un)reliably browsers etc check CRLs. There's no point revoking a websites cert only for a browser to ignore that and continue to accept it.
Holy crud people stop stealing my account info I just want to not be broke because of fraud thanks
[QUOTE=Bo98;44507969]Wait wait wait, I just realised that this happened AFTER developer logins were reset. That's a bit worrying.[/QUOTE] It's was fixed some time ago. Now it says South Park: The Stick of Truth.
[QUOTE=S3rpant67;44509512]It's was fixed some time ago. Now it says South Park: The Stick of Truth.[/QUOTE] I realise that. It was the fact that the change happened after the password reset. Though it makes sense now after Gran PC said that you can avoid the reset.
the dialog popped up again so i thought you'd be interested in seeing what i meant: [img]http://puu.sh/84uYp.png[/img] [img]http://puu.sh/84v31.png[/img] [img]http://puu.sh/84v46.png[/img] notice how the cancel button got enabled in that last screen. [editline]11th April 2014[/editline] im also told some developers were emailed with new passwords (they directly changed passwords without asking), but once again this did not happen to a lot of employees (like timmy again!!)
Sorry, you need to Log In to post a reply to this thread.