Prevent scam with your board

[Pichwise]

Hello, I registered on a forum today with my same information from Steam as requested by the board, got emailed a link with my ID and password in it and saw it was send by an @hotmail.com, which can every mails be readed by the hotmail.

In-Global : I lost my Steam Account, trying to recover it.

Is there a way to fix that shet to prevent it happening in the next time?

Since now, I don't think I'll register on any SMF anymore until this is resolved.

[Adrek]

How this can be SMF fault?  You should NOT use the same password with the same username on other site.
Saying that on registration they asked for using password and username from Steam is already suspicious, and owner of this site is scamming people.

[Pichwise]

I have like 3 passwords in total, do you really think I'll start a new password for a forum? No why would I? Habitually passwords are SHA1ed, but it seems there still a way to bypass this which is the PLATFORM problem and here a simple example : PS3, when it got hacked, if you lost your credit card was it YOUR fault for not buying a rechargeable credit card or was it Sony fault?

[Arantor]

If you use the same password across multiple services, and one of them is broken into, you really do only have yourself to blame for not taking more care to protect yourself.

[Kindred]

well, it is pretty stupid to use the same password across multiple services. So, YES, we expect people to handle their own account security to a point.

However, that being said, it sounds like the OP actually registered to a SMF run forum that has a steam integration installed, which asked him specifically to use his steam login...   In which case he did as asked so that his steam account could be tied to his forum account.

As for the hotmail comment, I have no idea what he's talking about....   SMF sends emails from the email as configured on the forum server. I guess that an admin could configure it to send through hotmail - although why one would so so escapes me..... and the OP can hardly blame SMF itself for whatever stupid configuration the admin has done to bypass the normal settings.
Finally...   does Standard SMF even send the password in email?   I don't think that it does (at least it never has for any forum I run or have registered on.)
If I am correct, then once again, the OP can blame the silly admin for bypassing normal processes.

[Adrek]

Just to clear something - Steam does not require password and username to log in on 3'rd party website, if integration is correct you only need to be logged in on you steam account.

There are many examples, here's one: http://www.steamtrades.com
When you click on Sign in button you'll be redirected to Steam page, and only if you agree you can login to this site. Password and username is not required.

[IchBin™]

Sounds like they are trying to just get access to your steam account. In particular if after you registered you suddenly can't access your steam account...

[Pichwise]

Can I just say that's the problem IS not my steam account? There a security problem and anyone that can make you register can get your informations.

[Arantor]

Well, this *still* isn't an SMF problem because it can't be reproduced on a normal SMF site, which suggests it is set up specifically for that site, and that that individual site might have a problem.

[busterone]

I find it odd that a site is being accused or at least insinuated to be a security risk, yet the url to this site has not been revealed. 

[Arantor]

Nah, that's the usual innuendo and cloak-and-dagger and general throwing of accusation without ever wanting to back it up with proof. I will be equally as vague in making pronouncements

[busterone]

indeed. 

[Kindred]

and I repeat, for the complainant who can't be bothered to read and understand before flying off the handle.

well, it is pretty stupid to use the same password across multiple services. So, YES, we expect people to handle their own account security to a point.

However, that being said, it sounds like the OP actually registered to a SMF run forum that has a steam integration installed, which asked him specifically to use his steam login...   In which case he did as asked so that his steam account could be tied to his forum account.

As for the hotmail comment, I have no idea what he's talking about....   SMF sends emails from the email as configured on the forum server. I guess that an admin could configure it to send through hotmail - although why one would so so escapes me..... and the OP can hardly blame SMF itself for whatever stupid configuration the admin has done to bypass the normal settings.
Finally...   does Standard SMF even send the password in email?   I don't think that it does (at least it never has for any forum I run or have registered on.)
If I am correct, then once again, the OP can blame the silly admin for bypassing normal processes.

In more clear language -
This is not a problem with SMF. Period. Your complaints need to be pointed at the admin of whatever forum your tried to register on, since that is a modified forum running mods and edits unsupported by simplemachines.org which may (or may not) compromise their security.

[Moerpot]

I have like 3 passwords in total,

only three (3). ha ha ha

Up to date, after registering for SMF I have a total of 391 passwords and each place have it's own unique username! Plus, I have 28 Email addresses with their own passwords, Usernames etc. Have 5 Domains with emails and FTP accounts for up to about 30 user accounts with their...

Wake up man: The thieves are out there, just waiting for someone like you.

[Arantor]

As outlined above, this is not something we can fix.