Quote: Originally Posted by SilverWarior
Nowadays computers and especially computer clouds offer huge computational power, which makes data encryption which was considered perfectly safe a few years ago not so safe anymore. If we are honest, no data encryption is perfectly safe.
And I don't agree with that. Not all encryptions are perfectly safe, but some are. You may have also noticed an increasing number of sites which demand that passwords contain at least 1 number and capital letter, to improve even the bad ones.

Quote: Originally Posted by SilverWarior
If we take into account that the Steam system isn't run on just one server, it means that the database itself had to be globally available. This means that a hacker had the ability to pose as one of those servers and access the database this way. Of course they needed to have proper database login credentials to gain access to the database data, but since it isn't very likely that database credentials are being periodically changed, they had lots of time to try it out (trying a few hundred passwords one day, a few hundred the next day, and so on). All that they had to do is keep the number of login trials (guessing of passwords) low enough not to trigger any alarms, and that is all.
From end to start: password guessing is in my opinion history already, unless the system is built really badly. Admins will most likely get big red alarms after just 5 wrong password attempts, and ban the IP. They can shut it down if they see the attacks continuing from numerous IPs. Well, it doesn't even require admins; systems can usually prevent repeated attempts automatically.

If I were an admin of such a cloud server network, I'd use the same IP whitelist for each server. As we know, the hackers were able to crack into something other than the normal Steam login, because otherwise they wouldn't have access to all users at once. So, if each server only allows connections from other servers that are in the whitelist, wouldn't that solve everything? Admins themselves only need a localhost connection to the server they are at. Allowing remote connections to a large amount of data can be a root of problems. Even most server software (FileZilla FTP, Apache etc.) lets admins log in only from the local network, by default.
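
The two defences discussed in this thread, as an added Python example that is not code from either poster or from Steam: a per-IP lockout after 5 failures, a per-account failure budget over a long window for guessing that is spread across days and addresses, and an optional source allowlist checked before authentication. The event data is constructed, and every threshold other than the 5 attempts mentioned above is an assumption.

```python
import ipaddress
from collections import defaultdict, deque

LOCKOUT_FAILS, LOCKOUT_WINDOW = 5, 15 * 60   # 5 is from the post; 15 min is assumed
SLOW_FAILS, SLOW_WINDOW = 20, 7 * 86400      # assumed per-account budget over 7 days

def evaluate(events, allowlist=None):
    """events: time-sorted (epoch_s, src_ip, account, success) tuples."""
    nets = [ipaddress.ip_network(n) for n in (allowlist or [])]
    by_ip, by_acct = defaultdict(deque), defaultdict(deque)
    result = {"rejected": 0, "banned": set(), "flagged": set()}
    for ts, ip, acct, ok in events:
        # Allowlist check happens before any credential is examined.
        if nets and not any(ipaddress.ip_address(ip) in n for n in nets):
            result["rejected"] += 1
            continue
        if ok or ip in result["banned"]:
            continue
        # Sliding windows: short per source IP, long per target account.
        for queue, window in ((by_ip[ip], LOCKOUT_WINDOW),
                              (by_acct[acct], SLOW_WINDOW)):
            queue.append(ts)
            while ts - queue[0] > window:
                queue.popleft()
        if len(by_ip[ip]) >= LOCKOUT_FAILS:
            result["banned"].add(ip)
        if len(by_acct[acct]) >= SLOW_FAILS:
            result["flagged"].add(acct)
    return result

def sample_events():
    """Constructed data: one burst, one slow multi-IP run, one legitimate login."""
    burst = [(60 + i * 5, "203.0.113.10", "webuser", False) for i in range(6)]
    slow = [(day * 86400 + 3600 * (h + 1), f"198.51.100.{day + 1}", "dbadmin", False)
            for day in range(8) for h in range(3)]
    legit = [(100, "10.0.0.5", "dbadmin", True)]
    return sorted(burst + slow + legit)

if __name__ == "__main__":
    print("lockout + account budget:", evaluate(sample_events()))
    print("with allowlist:", evaluate(sample_events(), ["10.0.0.0/24"]))
```

On this data the per-IP lockout bans only the burst source, the slow run is caught by the per-account counter alone, and with the allowlist in place none of the external attempts reach the password check.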