PDA

View Full Version : Steaaam's been haaaacked



Nalano
11-11-2011, 12:49 AM
November 10th, 2011

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.One of the unfortunate drawbacks of keeping huge databases of personal information.

Heister
11-11-2011, 12:53 AM
Have you seen the daily deal yet?

Nalano
11-11-2011, 12:54 AM
Asteroid Fly-By Sale

"2005 YU55" LOL

TillEulenspiegel
11-11-2011, 01:02 AM
Oh for fuck's sake.

So, any idea what hash they were using? 'Cause if it's something like SHA or MD5 and not bcrypt, I'm going to have to start changing shit...I used a good password for Steam. And a nice new credit card.

Ugh. This is a huge fuckup.

EDIT: Also, how have I not received an email about this yet? It looks like the text you posted is posted in the forums, and nowhere else. What the fuck.

Drake Sigar
11-11-2011, 01:12 AM
Hold on, I'm watching Saving Private Ryan. I just know this is going to lead me to a Band of Brothers marathon.

Ok, commercials. Panic, panic, EVERYBODY PANIC!

Nalano
11-11-2011, 01:15 AM
EDIT: Also, how have I not received an email about this yet? It looks like the text you posted is posted in the forums, and nowhere else. What the fuck.

It showed up as a Steam pop-up. I just copypasta'd.

Heister
11-11-2011, 01:17 AM
Asteroid Fly-By Sale

"2005 YU55" LOL

Not the fly-by sale. This http://store.steampowered.com/news/6736/

Nalano
11-11-2011, 01:24 AM
Not the fly-by sale. This http://store.steampowered.com/news/6736/

That would explain why you mentioned it here, of all places.

sabrage
11-11-2011, 01:26 AM
I just use these frequent hackings as an excuse to change my passwords globally. I probably never would otherwise.

Moraven
11-11-2011, 01:26 AM
It showed up as a Steam pop-up. I just copypasta'd.

Never got it as a pop-up nor email yet.

Kaira-
11-11-2011, 01:26 AM
It showed up as a Steam pop-up. I just copypasta'd.

Could there possibly be any worse way to bring this information up, excluding not bringing it up? Sheesh.

Heister
11-11-2011, 01:27 AM
Never got it as a pop-up nor email yet.

http://forums.steampowered.com/forums/

sinomatic
11-11-2011, 02:50 AM
Can someone tell me whether or not I'm being incredibly thick - is anyone able to change their steam forum password right now? Or are the forums down totally apart from that message?

Nalano
11-11-2011, 03:34 AM
Can someone tell me whether or not I'm being incredibly thick - is anyone able to change their steam forum password right now? Or are the forums down totally apart from that message?

Pretty much the latter.

soldant
11-11-2011, 03:49 AM
If this was EA and Origin, there'd be blood in the streets. I hope Valve end up getting the same sort of backlash, if only to remind me that the internet isn't entirely consumed by fanboys.

Rii
11-11-2011, 04:35 AM
Imagine if Steam was down for the next month on account of this a la PSN. Ah, one can dream...

Hensler
11-11-2011, 05:01 AM
Imagine if Steam was down for the next month on account of this a la PSN. Ah, one can dream...

What am I missing here? Why would one dream of that?

vinraith
11-11-2011, 05:21 AM
What am I missing here? Why would one dream of that?

It might wake a few people up, at least.

Wooly Wugga Wugga
11-11-2011, 05:26 AM
This sucks. That is all.

Rii
11-11-2011, 05:29 AM
What am I missing here? Why would one dream of that?

Because when people go to play their games and can't - even those they didn't even buy from Steam - they might finally wake up and say "hey, this is bullshit."

And in the interim the rest of the digital distribution market - which is almost universally less restrictive than Steam - would be booming. More folks would be introduced to such alternatives and realise their advantages, and so when Steam actually returned it would be to a changed market informed by its recent experiences.

TillEulenspiegel
11-11-2011, 05:32 AM
If this was EA and Origin, there'd be blood in the streets. I hope Valve end up getting the same sort of backlash, if only to remind me that the internet isn't entirely consumed by fanboys.
Any time a company manages to expose their entire customer database, they deserve quite a lot of shit.

Still no email, by the way. I'm gonna be real charitable like and assume they're gathering further information before informing everyone. Because to not directly contact everyone involved would be absolutely scandalous. That's standard procedure in these situations, for obvious reasons.

acidtestportfolio
11-11-2011, 05:53 AM
Still no email, by the way.

there's a popup

Nalano
11-11-2011, 06:17 AM
And in the interim the rest of the digital distribution market - which is almost universally less restrictive than Steam - would be booming. More folks would be introduced to such alternatives and realise their advantages, and so when Steam actually returned it would be to a changed market informed by its recent experiences.

But being tied to an online payment portal isn't unique to Steam, or even Steam and Origin. Amazon keeps customer records, after all. This is an intrinsic weakness of eCommerce in general.

soldant
11-11-2011, 06:33 AM
But being tied to an online payment portal isn't unique to Steam, or even Steam and Origin. Amazon keeps customer records, after all. This is an intrinsic weakness of eCommerce in general.
That wasn't really his point though, he was more commenting on how Steam seems immune to criticism in general, and how people seem to blindly assume that nothing will ever go wrong with Steam and Valve are benevolent and it'll be here forever and ever... to the point where they violently oppose any newcomers.

Then this comes along, shows up as an incredibly serious breech of security, and the world hopefully will realise that Steam, like any other digital distribution system, is not immune to problems and needs to be treated with the same caution as any other system.

People pick apart EA and Origin, which is fine, but largely ignore potential issues with Steam and just go "It's great, it'll never have any problems." It sucks that such a major issue has occurred, but at least it'll force people to recognise that Steam isn't infallible.

Nalano
11-11-2011, 07:19 AM
That wasn't really his point though, he was more commenting on how Steam seems immune to criticism in general, and how people seem to blindly assume that nothing will ever go wrong with Steam and Valve are benevolent and it'll be here forever and ever... to the point where they violently oppose any newcomers.

And, yet, the only folks to comment thus far are people who seem to be leaping at the chance to revel in their Shadenfreude, and either way, just as I'm kinda sick of every RPG thread being Beetlejuiced, I don't want this to devolve into a Pro/Anti-Valve pissing match.

Yes, clearly Valve is to blame for not having a security system that can stave this off (though if you ask me, this sort of hacking/data farming is more or less inevitable with any system that's online) but I was posting the thread for more constructive purposes:

1) Information. People clearly don't yet know.

2) Is there a system that, if not uncrackable, has a better track record for resisting whatever Valve has recently (and many other companies in the last few months, including juggernauts Blizzard and Sony) been prey to. If so, what?

vinraith
11-11-2011, 07:27 AM
And, yet, the only folks to comment thus far are people who seem to be leaping at the chance to revel in their Shadenfreude,

Odd, I don't see anyone doing that. I, for one, am concerned about my information being compromised. Rii stated a hypothetical that might make people more cognizant of the issues surrounding Steam. That'd be something of a silver lining, but this is still a big damn storm cloud any way you look at it.

metalangel
11-11-2011, 07:28 AM
Can we keep the "Steam is Jesus/Satan" thing down a bit? I'm a bit anxious about all this and wondering stuff like: I didn't save my card details on Steam (typed em in again every time I bought stuff), does that mean the card details weren't stored in whatever data was stolen?

Rii
11-11-2011, 07:41 AM
But being tied to an online payment portal isn't unique to Steam, or even Steam and Origin. Amazon keeps customer records, after all.

Yes but if Amazon gets hacked my books don't disappear. Because they're mine. Obviously that sort of thing doesn't appear to have happened in this case either, I merely raised it as a plausible hypothetical in light of the fact that when Sony was hacked they did have to take their network down for an extended period. And my thinking is that if that were to happen to Steam it would probably be a good thing for PC gaming in the broader scheme of things.

As to what has actually happened I don't exactly feel like jumping up and down on Valve's grave here any more than I did Sony's. Obviously they should've had better systems and procedures in place but, well, shit happens. So far as I'm concerned this isn't yet a terribly big deal unless and until some other action or inaction on Valve's part makes it one e.g. if it's revealed that Valve wasn't taking even basic security precautions, if they fail to take reasonable steps to contact potentially affected customers or fail to work with customers/banks to resolve issues that arise, etc.

Nalano
11-11-2011, 08:01 AM
Odd, I don't see anyone doing that. I, for one, am concerned about my information being compromised. Rii stated a hypothetical that might make people more cognizant of the issues surrounding Steam.

I merely raised it as a plausible hypothetical in light of the fact that when Sony was hacked they did have to take their network down for an extended period.

I'm don't at all suspect that such will be the case. And expressing fear that such may occur is different than hoping that such will occur.

Mohorovicic
11-11-2011, 08:06 AM
So wait, when did the forums actually go down? Wasn't that several days ago? And only now they thought it's a good idea to tell people they've been hacked?

soldant
11-11-2011, 08:16 AM
Can we keep the "Steam is Jesus/Satan" thing down a bit? I'm a bit anxious about all this and wondering stuff like: I didn't save my card details on Steam (typed em in again every time I bought stuff), does that mean the card details weren't stored in whatever data was stolen?
It's highly unlikely that your credit card details (if they were stored) could actually be used. They're likely so heavily encrypted that it'd be practically impossible (though not theoretically) for them to decrypt and use them. If Valve were smart they'd be suing 256 or 128 AES encryption, and nobody's going to break that in any useful timeframe. If however there's some major security oversight or screwup (i.e. Valve didn't properly secure credit card details) then people with their CC details saved are in trouble.

The REAL hazard is if you've used your Steam forum password elsewhere in such a way that they could link your accounts and use your password on something else. Like if you used the same password for Steam and your attached email address, someone could make the connection and then gain access to your emails. And given that an email address has become the defacto username for many sites, it's reasonably concerning.



And, yet, the only folks to comment thus far are people who seem to be leaping at the chance to revel in their Shadenfreude, and either way, just as I'm kinda sick of every RPG thread being Beetlejuiced, I don't want this to devolve into a Pro/Anti-Valve pissing match.
Good luck with that, because a security breech is going to attract criticism of Valve no matter how much you'd wish it wouldn't. Even an objective, clinical assessment of the event is going to result in criticism even though no system is flawless. Hell I'd criticise the info release method; a box that pops up after I've played a game isn't being particularly informative or timely. Rii's point still stands though: the love-affair with Valve has led many to believe that this sort of thing is limited only to "lesser" companies who would be hanged, drawn and quartered if this happened to them. All systems can fail, even one under Valve's control.

Nalano
11-11-2011, 08:19 AM
Even an objective, clinical assessment of the event is going to result in criticism even though no system is flawless.

I'm not stressing the 'criticism' part. I'm stressing the 'constructive' part.

MiniMatt
11-11-2011, 10:38 AM
So wait, when did the forums actually go down? Wasn't that several days ago? And only now they thought it's a good idea to tell people they've been hacked?

Forums have been saying "down for maintenance" for a while; seems they're saying 6th November.

Also a bit grumpy that I only found this out because I happened to go to the Orcs Must Die forum to see what today's update is all about. Haven't had an email or popup.

TillEulenspiegel
11-11-2011, 11:12 AM
I'm not stressing the 'criticism' part. I'm stressing the 'constructive' part.
Constructive for whom? Valve? Unless you're doing a security audit, I don't see how anyone would be able to provide "constructive criticism" at this point.

TillEulenspiegel
11-11-2011, 11:19 AM
2) Is there a system that, if not uncrackable, has a better track record for resisting whatever Valve has recently (and many other companies in the last few months, including juggernauts Blizzard and Sony) been prey to. If so, what?
Ask Google, Apple, Amazon, etc. Any of the giant targets who have never been hacked in their many years of existence. It is possible to get this stuff right.

The answer is to care. At Google in particular, I'd bet just about everyone who's able to modify the system knows and cares about security. They know how to write secure code, and there's no doubt company policy enforcing that and doing constant checks. You do all the right things consistently, you don't make giant mistakes, and you're more or less invulnerable. The problems happen when you get lazy or sloppy, or when important things are entrusted to incompetent people.

And if you don't care, you'll always be vulnerable to social engineering.

Anthile
11-11-2011, 12:25 PM
Ask Google, Apple, Amazon, etc. Any of the giant targets who have never been hacked in their many years of existence. It is possible to get this stuff right.


Maybe they just never told you.


http://www.youtube.com/watch?v=y8Kyi0WNg40

Nalano
11-11-2011, 12:34 PM
Ask Google, Apple, Amazon, etc. Any of the giant targets who have never been hacked in their many years of existence. It is possible to get this stuff right.

Amazon's been hacked.

gundrea
11-11-2011, 12:59 PM
Google's been hacked. They just didn't take anything besides stray development code.

Hacks or security breaches occur every day and while I couldn't put a statistic to it I'd say a significant number go unnoticed.

Steamworks is DRM yes, what do we do about it?

Rii
11-11-2011, 01:10 PM
Steamworks is DRM yes, what do we do about it?

Not purchase the games in question, or only do so at prices that reflect the sub-par product received. For my part I suspect I'll get around to Rage and Deus Ex: Human Revolution around this time next year.

Dugular
11-11-2011, 01:40 PM
It might wake a few people up, at least.

Oh wow, Hitler had similar feelings about his way being the right way. Some of us like Steam. If Steam was down for a week, I wouldn't be waking up from anything. I'd just be at the pub a bit more that week.

Althea
11-11-2011, 01:41 PM
If this was EA and Origin, there'd be blood in the streets. I hope Valve end up getting the same sort of backlash, if only to remind me that the internet isn't entirely consumed by fanboys.
Indeed, I would kind of be expecting that, but Valve can - and do - pull any old shit and everyone still kisses their boots as if they're some sort of Divine Overlord.

gundrea
11-11-2011, 01:43 PM
Don't you see Dugular? This is how it starts everyone loves Steam and Steam are going to restore the economy then Valve HQ burns down and before you know it Gabe has emergency powers and invades Poland.

But the future refused to change...

metalangel
11-11-2011, 02:31 PM
Oh wow, Hitler had similar feelings about his way being the right way.

You cannot be serious!

soldant
11-11-2011, 02:36 PM
Don't you see Dugular? This is how it starts everyone loves Steam and Steam are going to restore the economy then Valve HQ burns down and before you know it Gabe has emergency powers and invades Poland.

But the future refused to change...
So... should I charge the Chronosphere?

Heister
11-11-2011, 02:49 PM
Gabe - "We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating."


I'm still trying to work out why that info was connected to the forums. Any ideas anyone?

""We learned that intruders obtained access to a Steam database in addition to the forums."

So was the store itself hacked?

Rii
11-11-2011, 02:52 PM
So was the store itself hacked?

Yes they stole all the games and now the children will have to go without this Christmas. =(

Drake Sigar
11-11-2011, 02:56 PM
Bugger em. Adversity builds character.

vinraith
11-11-2011, 04:40 PM
Oh wow, Hitler had similar feelings about his way being the right way.

Wow. I'm just going to quote that and leave it here for posterity.

lasikbear
11-11-2011, 05:08 PM
Wow. I'm just going to quote that and leave it here for posterity.

You know who else quoted things and left them for posterity?

CrazyEthan
11-11-2011, 05:15 PM
Valve was fucked#

vinraith
11-11-2011, 05:17 PM
You know who else quoted things and left them for posterity?

John Bartlett?

zookeeper
11-11-2011, 09:11 PM
Sooo... why am I hearing about this from RPS and not valve?

I just logged into steam for the first time this week to change my password and I didn't see any pop ups, messages, or emails about a security breach. Not even a helpful hint that maybe I should probably think about changing my password for no specific reason, but nothing's wrong, honest!

Althea
11-11-2011, 09:14 PM
Sooo... why am I hearing about this from RPS and not valve?

I just logged into steam for the first time this week to change my password and I didn't see any pop ups, messages, or emails about a security breach. Not even a helpful hint that maybe I should probably think about changing my password for no specific reason, but nothing's wrong, honest!
I got the pop-up this evening, no joke.

Moraven
11-11-2011, 10:49 PM
Got the pop up after I exited a game. Seems the only time i do.

TillEulenspiegel
11-11-2011, 10:54 PM
So, are they not going to send out emails? Because...wow.

It's still relatively early in PST, so I guess they have a bit of time before the work week is over. I remain hopeful that Valve will prevent my opinion of them from plummeting into the ground. Maybe.

Rii
11-11-2011, 11:26 PM
So, are they not going to send out emails? Because...wow.

Maybe they no longer have the addresses to send them to.

Althea
12-11-2011, 12:05 AM
Maybe they no longer have the addresses to send them to.
Valve would have back-ups, or at least I bloody well hope they would, unless it was that one week they were without back-ups because, for some reason, all the back-ups were out of service after Gaben slaughtered a kitten to the demonic gods of perpetual delays.

Heister
12-11-2011, 03:01 AM
I'm still trying to work out why that info was connected to the forums. Any ideas anyone?

""We learned that intruders obtained access to a Steam database in addition to the forums."

So was the store itself hacked?

Anyone got any info on this? Why would our info be available via a forum? I think the "We learned that intruders obtained access to a Steam database in addition to the forums." is a touch misleading. How exactly did they access a database that isn't connected to the forums? The forums are seperate from our Steam accounts yes?

Unless the moderators had access to that info to verify that forum posters actually bought the games that they were commenting on? Sounds a bit extreme but that's the only reason that I can think of that connects the database to the forums.

zookeeper
12-11-2011, 03:19 AM
The forums are seperate from our Steam accounts yes?

I remember thinking it was pretty silly that I had to register for the forums when I already had a steam account. I guess, in theory, having them separate would add security. Or not.

Mistabashi
12-11-2011, 03:29 AM
Anyone got any info on this? Why would our info be available via a forum? I think the "We learned that intruders obtained access to a Steam database in addition to the forums." is a touch misleading. How exactly did they access a database that isn't connected to the forums? The forums are seperate from our Steam accounts yes?

Unless the moderators had access to that info to verify that forum posters actually bought the games that they were commenting on? Sounds a bit extreme but that's the only reason that I can think of that connects the database to the forums.

Seems pretty self explanatory to me; they learned the forums had been compromised, then when they investigated further they found out that something else has been accessed. There doesn't have to be a link between forum accounts and Steam accounts, if a hacker or hackers decide they are going to target someone they'll get whatever they can get, they won't restrict themselves to one angle of attack.

Heister
12-11-2011, 03:54 AM
Seems pretty self explanatory to me; they learned the forums had been compromised, then when they investigated further they found out that something else has been accessed. There doesn't have to be a link between forum accounts and Steam accounts, if a hacker or hackers decide they are going to target someone they'll get whatever they can get, they won't restrict themselves to one angle of attack.

So you also think that the database was accessed via the store? Which means the store was hacked? Why didn't Gabe just say that? Like I said, his message is a touch misleading.

And if the store was hacked, why didn't they shut it down like they did to the forums?

Mistabashi
12-11-2011, 04:46 AM
So you also think that the database was accessed via the store? Which means the store was hacked? Why didn't Gabe just say that? Like I said, his message is a touch misleading.

And if the store was hacked, why didn't they shut it down like they did to the forums?

I don't know what you mean by "accessed via the store", its all just information on Valve's servers, and as the message explains a database was accessed that has lots of (hashed and salted) user data. The message seems pretty frank and informative to me.

Shutting down the Steam service would be like closing the gate after the horse has bolted, the hackers already have the data but thankfully it was (as far as we know) all stored securely so it should be of little use to them.

Heister
12-11-2011, 04:59 AM
I don't know what you mean by "accessed via the store", its all just information on Valve's servers, and as the message explains a database was accessed that has lots of (hashed and salted) user data. The message seems pretty frank and informative to me.

Shutting down the Steam service would be like closing the gate after the horse has bolted, the hackers already have the data but thankfully it was (as far as we know) all stored securely so it should be of little use to them.

Really? Even though they closed the forums and the possibility of an exploit still exists? Did anyone else notice that the Store was never mentioned by Gabe? Even though the database contains all our cc details, purchase history etc. Unless the database was accessible via the forums.

Skalpadda
12-11-2011, 07:59 AM
Anyone got any info on this? Why would our info be available via a forum? I think the "We learned that intruders obtained access to a Steam database in addition to the forums." is a touch misleading. How exactly did they access a database that isn't connected to the forums? The forums are seperate from our Steam accounts yes?

This is pure speculation, but it's not hard to imagine that by breaching the forums they got their hands on the login info of a Valve employee who had been sloppy and used the same passwords for multiple work accounts which could let them access other things as well.

zookeeper
12-11-2011, 08:57 PM
It's now front page news on the BBC (http://www.bbc.co.uk/news/technology-15690187), but I still haven't had any contact from Valve regarding my potentially compromised information. No email, no pop ups, nothing.

Heister
13-11-2011, 02:26 AM
It's now front page news on the BBC (http://www.bbc.co.uk/news/technology-15690187), but I still haven't had any contact from Valve regarding my potentially compromised information. No email, no pop ups, nothing.

No email here. Not that I was expecting one.

About the pop-up. Just updated Steam and the first Update News msg (1 of 5) is the message from Gabe that you've probably already read.

Bhazor
13-11-2011, 02:43 AM
Why do companys even need to store credit card details on their servers? Surely thats the textbook example of burn after reading.

zookeeper
13-11-2011, 04:15 AM
Why do companys even need to store credit card details on their servers? Surely thats the textbook example of burn after reading.

Because you'll buy more if you don't have to get up to find your wallet. That's precious seconds where you might reconsider your impulse purchase.

vinraith
13-11-2011, 04:54 AM
Because you'll buy more if you don't have to get up to find your wallet. That's precious seconds where you might reconsider your impulse purchase.

Which is yet another reason why you shouldn't let them store said information, actually.

zookeeper
13-11-2011, 05:42 AM
Which is yet another reason why you shouldn't let them store said information, actually.

But that game I've heard of once or twice is slightly cheaper today!!!

Bhazor
13-11-2011, 12:13 PM
But that game I've heard of once or twice is slightly cheaper today!!!

Why for the first time in three years the game is slightly cheaper than amazons regular price! I must have it now!

Moraven
16-11-2011, 01:08 AM
Still no direct communication from Steam. Why has Valve not contacted anyone directly? Hell even Blizzard is telling people about it. Paypal and IGN phishing emails already. (Entertaining tho, like how I get battle.net scams to a non battle.net email)

At least Sony sent emails out (10 days after knowing of the breach). Been 9 days for Valve. Is the backlash less since they gave a indirect steam pop up to people after 4 days? (Only get pop ups when I leave a steam game)

vinraith
16-11-2011, 02:23 AM
This is roughly the level of customer service I've come to expect from Steam, to be honest.

Rii
16-11-2011, 02:58 AM
I'm liking my theory that Valve no longer has their customers' e-mail addresses more and more.

TillEulenspiegel
16-11-2011, 03:21 AM
On the upside, this whole fiasco has prompted me to switch to multi-factor authentication with Google and LastPass, the two absolutely indispensable accounts in my life. I was waiting anyway until I had a landline to use as a backup phone number, but it was good timing. I'm moving more and more stuff over to LastPass's randomly-generated passwords. And I've come up with a couple new, better passwords to use for accounts which need to be used outside a web browser. I'm even generating a new PGP key, just because my current one is getting a bit long in the tooth.

So thanks Valve, I guess. Your fuckup has prompted me to reevaluate and improve my security practices.

As for Steam, I haven't changed my password. It's the only account left with that particular password now. I don't want to give them another good password, and I really can't be bothered to remember a special one just for them. So I'm going to wait for that email which tells me someone has tried to log in to my account.