Valve confirms user data was stolen in Steam hacking

[Leeky]

Valve has confirmed that the attacks on its forum late Sunday, which included its defacing before it was taken offline, extends beyond just user account details and includes personal information of those with Steam accounts.

"We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," said Gabe Newell, CEO of Valve in a statement released on its forum homepage.

The forum has remained offline since the attacks took place, and it is uncertain when normal posting will return. It is likely to remain offline while Valve finalizes its investigation into the breach. Unlike in previous hacks reported over the last year, passwords were hashed and salted so they should remain relatively safe even in the hands of the hackers -- although a short, simple password may still be vulnerable to a brute-force attack, depending on the level of encryption. Nevertheless, it would be good idea to take the opportunity to change them, and to re-enable SteamGuard for those that have it disabled.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Newell commented. He also stated that while they only had evidence of a few forum user accounts being compromised, the company will be forcing all users to change passwords when the forum comes back online.

Given that the hackers have the email addresses of at least some of its users it would also be very good practice to change the passwords of any other sites you frequent if the login details are the same. Users are reminded that SteamGuard is only effective if your email account remains secure, so those using the same passwords for both should change them immediately.

The handling of this incident is in stark contrast to the enormous controversy that centered around the intrusions on Sony earlier in the year, and again just last month. While inconvenient and frustrating, it appears that Valve has taken adequate precautions and has been honest to its users. It's also worth noting that while the Steam forums are down, Steam itself is working fine.

Permalink to story.

https://www.techspot.com/news/46224-valve-confirms-user-data-was-stolen-in-steam-hacking.html

 

[gwailo247]

I feel like I should have gotten an e-mail about this from Valve. I shouldn't have to read other sites to find out about it.

 

[dustin_ds3000]

i got a notification within steam it self.

 

[lchu12]

Same here, I got an notification from Steam itself.

 

[yukka]

I havent logged into steam for a few days. Valve should have sent out an email about this.

 

[gwailo247]

No, I got nothing from within Steam. But still, they shouldn't rely on that, an e-mail is needed.

 

[LNCPapa]

I got a popup as soon as Steam launched last night.

 

[cliffordcooley]

Maybe your account wasn't compromised, if you didn't get a notification.

I just loaded Steam and didn't see a notification either.

 

[Guest]

Yup, I received a popup in Steam immediately when they sent it last night. No worries, everything was encrypted, they won't be able to decrypt it... Even if you used the same password on your Steam account, well assuming you enabled Steam guard, no one will be able to enter it.

My Steam username is: mike77 , my password is: 2Elm_treE34

If you try to login it will request the verification code that will be sent to my email. My email has a different password. Good luck.

 

[motrin]

guest trust too much...

 

[gwailo247]

I logged off and logged back on and it finally popped up. And I can get 10% off Jurassic Park!

Win and Win!

 

[madboyv1]

My steam password and my email password are different to begin with and I already have SteamGuard enabled, but for good measures I'll still change my password on steam and keep an eye on my bank statements (though I think I've always used paypal, but I can't remember).

 

[Relic]

An e-mail would've been nice but still props to Valve for actually sharing this information and not sitting on it for weeks before coming clean. I use SteamGuard and different passwords for pretty much everything like most here, but I guess changing them now wouldn't hurt.

 

[Guest]

I wonder if any SONY haters are here right now.? hhhmmm! Goes to show when a person digs a hole hoping for other companies to go down, they better dig 2.

Who's lol now? Hackers are criminals. I hate them same as I hate mosquitoes.

 

[LNCPapa]

ROFL - I really enjoyed this quote.

I logged off and logged back on and it finally popped up. And I can get 10% off Jurassic Park!

Win and Win!

 

[Guest]

@motrin: I guess you never watched that video where Gabe gave out his account name and password, showing how confident he was in Steam Guard's effectiveness.

 

[spydercanopus]

At least give us a free game after we bend over for you, Steam.

 

[Guest]

That was only meter of time until some thing like that happens.