Valve has confirmed that the attacks on its forum late Sunday, which included its defacing before it was taken offline, extends beyond just user account details and includes personal information of those with Steam accounts.
"We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," said Gabe Newell, CEO of Valve in a statement released on its forum homepage.
The forum has remained offline since the attacks took place, and it is uncertain when normal posting will return. It is likely to remain offline while Valve finalizes its investigation into the breach. Unlike in previous hacks reported over the last year, passwords were hashed and salted so they should remain relatively safe even in the hands of the hackers -- although a short, simple password may still be vulnerable to a brute-force attack, depending on the level of encryption. Nevertheless, it would be good idea to take the opportunity to change them, and to re-enable SteamGuard for those that have it disabled.
"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Newell commented. He also stated that while they only had evidence of a few forum user accounts being compromised, the company will be forcing all users to change passwords when the forum comes back online.
Given that the hackers have the email addresses of at least some of its users it would also be very good practice to change the passwords of any other sites you frequent if the login details are the same. Users are reminded that SteamGuard is only effective if your email account remains secure, so those using the same passwords for both should change them immediately.
The handling of this incident is in stark contrast to the enormous controversy that centered around the intrusions on Sony earlier in the year, and again just last month. While inconvenient and frustrating, it appears that Valve has taken adequate precautions and has been honest to its users. It's also worth noting that while the Steam forums are down, Steam itself is working fine.