Valve head Gabe Newell sent out a message today explaining that the breach of Steam's forums this past Sunday goes beyond the message boards and potentially includes Steam account information.

“We learned that intruders obtained access to a Steam database in addition to the forums,” wrote Newell. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

Valve has yet to find evidence of illegal credit card activity, though they are of course investigating into what exactly was compromised in the breach. Anyone with a Steam account should keep a close eye on their credit cards just in case. It would also be a good idea to change your Steam account and forum passwords (they should be different), as well as double-check that you aren’t using those passwords elsewhere on the Internet.

And just to be safe, you may want to reset which computers can authorize your Steam account. Just head to “Settings” (“Preferences” for Mac users). Find the “Accounts” tab and click on “Manage Steam Guard Account Security”. From there you can deauthorize all computers with access to the account and reauthorize them as you see fit.

Steam is up and running, though the forums remain closed after Sunday’s attack.

No word from Valve on any plans for a giveaway-themed apology. The PlayStation Network outage did set a precedent with Sony "making good" by gifting select titles to its users, so I wouldn’t be surprised to find at least a few games up for grabs after Valve sorts this all out.

Source: PC Gamer

Comments Locked


View All Comments

  • imaheadcase - Friday, November 11, 2011 - link

    Paypal is terrible terrible company. Who uses them anymore is crazy.

    I've lost count of the people screwed over by them, and not just in the news, personal friends just because paypal did not like how the funds was obtained, or even used.

    I know someone who had ebay account CLOSED because someone gave bad feedback claiming the item was stolen, we are talking about 4 pairs of jeans for $10 each. They then closed paypal account with over $2k in it.
  • B3an - Friday, November 11, 2011 - link

    WTF Proxy711? DONT use Paypal you tool. They have stolen money from me, and it wasn't a small amount. This is normal for them.
  • Earthmonger - Friday, November 11, 2011 - link

    Even though Paypal is shady is some regards, this is why I use it. Steam doesn't have my CC info. The only thing I'm worried about here is spam email. I should have used one of my less important accounts.
  • B3an - Friday, November 11, 2011 - link

    Cant beleive you think you're actually better off with Paypal than steam. What a joke. Not only have Paypal been breached before but they will take money off you, suspend your account, or not allow funds whenever they feel like it. They're thieves. Theres even multiple sites set up for people that have had Paypal steal from them.
  • Rand - Friday, November 11, 2011 - link

    I had two attempts by some unknown person to log into my Steam account tonight, SteamGuard protected me but given the timing and the fact that no one else aside from myself knew my password it seems awfully likely that some account passwords have been successfully stolen.

    I strongly recommend changing your Steam account password if you haven't already.
  • Syphadeus - Friday, November 11, 2011 - link

    You know what, in this day and age when consumers have to sign their lives away by agreeing to EULA and contractual aspects of Data Protection it seems completely unfair that there aren't harsher penalties for these companies. They take your data, important information and frankly they are not taking sufficient measures to protect it. "Sufficient" is a term in this industry that will change every day. As hackers become more advanced so to must the protection of said data in order to constitute being protected.

    So what happens? Does the company get fined? No. They just apologise, and to hell with the data that is stolen and whoever stole it. That's just not good enough. These companies should be independently audited on this criteria and if they fail, they should be legally forced into reviewing their security and and taking necessary remedial action.

    I don't give a damn that HL2 was stolen from them, but they should have learnt from that because they didn't half whine about it. They don't seem anywhere near as caring when the data stolen doesn't impact them in the same way. Disgraceful.
  • piiman - Friday, November 11, 2011 - link

    Its virtually impossible to stop hacking. Steam at least has the info encrypted and salted so the chances of them actually being able to use it is slime to none. What gets me is they claim they didn't hack Steam but the forums yet they got a data base with account and cc info. So does Steam keep this info on there forums servers?? It seems obvious to me they did access Steam also.

    I think companies need to stop storing CC info and make us enter it EVERY TIME. I know it might be a pain but its much safer. At least give me the option to not store my CC info like some sites do.
  • piroroadkill - Friday, November 11, 2011 - link

    You can on Steam. I never saved my data.
  • piiman - Friday, November 11, 2011 - link

    really? I'll have to look harder. I know they only save one but I've never seen the do not save option. will look into it for sure. Thanks
  • imaheadcase - Friday, November 11, 2011 - link

    Its not really a problem, the only problem with them getting the actual CC info is slim to none. However even if they did its still not a big deal, CC company will just cancel out the charges and send you a new one.

Log in

Don't have an account? Sign up now