Jack-of-all-trades game company Valve’s digital download platform Steam was hacked on Sunday, leaving customers uncertain about the fate of their private information. The company has updated its original assessment that the cyber attack did nothing more than deface public forums.
Valve has officially joined the ranks of Sony, Sega, Bethesda, Eidos and Codemasters. All of the above have seen their customers’ online data compromised this year.
Valve CEO Gabe Newell issued a statement to Steam users confirming their personal information – user names, email addresses and online purchases – was indeed compromised:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
Newell admitted that some Steam forum accounts were compromised. A mandatory password change has been implemented at the forum, he said, adding that users should go the extra mile and make sure their former passwords aren’t currently in-use anywhere else.
Since the breach also affected Steam itself, Newell urged customers to change those passwords, too. The Valve boss said he wouldn’t institute a similar forced password changes there without evidence those separate accounts were compromised. So far no reported instances of account hacking have been reported, he claimed.
The bad news didn’t stop gamers from gaming. The fifth entry in the popular “Elder Scrolls” series, “Skyrim,” was released on Steam today. So far, more than 130,000 Steam users have played the title. Steam’s forums were shutdown following the breach and have yet to reopen. (via Naked Security)