Steam Hacked: Information Potentially Compromised

Steam Hacked: Information Potentially Compromised

The database of Valve’s PC distribution platform Steam has been compromised by hackers.  We advise you change your password immediately before reading further into this story.

A message from Valve regarding the hacking attempt is being immediately IM’d to all Steam users. It says:

“Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

As I said at the start of this story, you should immediately go and change your Steam password if you use it for purchases using your credit card information. Valve said they don’t have evidence that anything was stolen, but it’s better to be safe than sorry.

The attack, initially believed to be just an effort to deface Valve’s Steam forums, was later found out by Valve to extend far beyond that, and actually entered the database where a lot of sensitive information is stored. Steam itself has upwards of 35 million users, so the full scale of this hack could be catastrophic unless (hopefully) encrypted credit card information was not accessed by the hackers.

The Steam attack comes after the catastrophic hacking scandal that plagued Sony earlier this year, taking the PSN down for weeks. Here’s hoping Valve can bolster the system and fortify the Steam borders against hackers quicker and with less annoyance.

The full message from Gabe Newell of Valve reads as:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

 

 

Comments are closed.