Steam Hacked, Valve Investigating Possible Credit Card Theft

[V_R]

I was wondering why the forums have been offline for nearly a week.......

Even though your Steam account is separate from your Steam forums account, this is why i made sure Steam Guard is active on my account.

A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were inside a database compromised during a defacement attack on the Steam forums this Sunday.

Valve is advising all of its Steam customers to keep close eye on their credit card activity, as those numbers were inside a database the hackers penetrated during the larger attack, Newell wrote. The Steam Forums are currently closed. Steam itself is operating.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Newell wrote. "We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."

The database exposed during the attack "contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," Newell said in the statement.

The Steam Forums are currently offline as Valve continues its investigation and recovers from the attack. When the forums return, all users will be required to change their passwords. Users who used the same password on the Steam Forums as they did on other sites are advised to change those passwords as well.

"We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password." Newell wrote.

"I am truly sorry this happened, and I apologize for the inconvenience," he said.

http://kotaku.com/5858473/

also...

 

[V_R]

More....

http://crave.cnet.co.uk/gamesgear/steam-hacked-valve-truly-sorry-50006035/

 

[floppybootstomp]

More integrity than Sony, that's for sure.

 

[Ian]

Shame this has happened, but it looks like they've gone the right way about handling this .

 

[Abarbarian]

Ditto the previous comments. A decent way for a company to react to an increasing problem.

 

[V_R]

10 February 2012
Dear Steam Users and Steam Forum Users:

We continue our investigation of last year’s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe

http://store.steampowered.com/news/7323/

 

[floppybootstomp]

Thanks for the update V_R. Looks like Steam are being quite open about what got nobbled. Well, I hope they are, they've certainly been more open than a lot of other similar companies would be in the circumstances.

 

[Ian]

Thanks V_R - glad to see that Steam are on the ball and have gone about this the right way!