Originally Posted by
SilverWarior
If we take into account that steam system isn't run just on one server it means that the database itself had to be globally available. This means that hacker had ability to imposter as being one of those servers and accesing a database this way. Offcourse they needed to have proper database login creditentials to gain acces to the database data, but since it isn't very likly that database creditentials are being periodicaly changed they had lot's of time in trying it out (trying a few hundreds of password one day, a few hundreds next day, and so on). All that they had to do is keep number of login trials (guesing of passwords) low enough for not trigering anny alarms and that is all.
Bookmarks