Valve Confirms Steam Security Breach

November 11, 2011

After a day or two of speculation, Valve has officially confirmed to the public that the Steam database suffered a security breach earlier this week. Valve Software co-founder and managing director Gabe Newell issued a statement to members letting them know what happened and whether there might be some concerns about the security of their Steam accounts. The take-away for Steam account holders is that passwords were "hashed and salted" and credit card information was encrypted. Still, Newell cautions Steam users to pay attention to their account activity. The full statement is below:

"Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they log in. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe."

As Newell noted in his statement, it never hurts to change your password. In fact, changing your password regularly and not using the same password at multiple sites is always a good idea.

Source: VentureBeat


Comments

Re: Valve Confirms Steam Security Breach

Not worried either until it's confirmed that credit card data was taken (from what I remember, they only said it was "accessed" and not necessarily "copied") and could easily be decrypted. Passwords are hashed and salted, making them next to impossible to decrypt even with the salt key.

Re: Valve Confirms Steam Security Breach

If there's one thing positive to say about this whole debacle, it's that Valve takes their customer information seriously.  After the clusterf*** that was Sony this spring, I like the levels of security that Valve has and their pro-active steps they've taken.

It's also refreshing to see Valve being so forthright about what happened.  Honesty is, after all, the best policy.

Re: Valve Confirms Steam Security Breach

My questions are: WHO did this and WHY. While Hacktivism, plain old attacks or terror attacks are all too common nowadays, they are not all the same. Also a source of worry: No one claimed the attack yet. When someone claims it, it's usually part of an attempt to get attention. When no one does, well, they usually are either after secrets (like credit cards) or have something to prove.

Re: Valve Confirms Steam Security Breach

So, who's next?

Or, perhaps just as importantly, who have they attempted to breach and failed?

Because everybody's a target these days.

Re: Valve Confirms Steam Security Breach

I'm not worried since my account logged in seamlessly. Still, this is alarming.

Re: Valve Confirms Steam Security Breach

The breach at Kotaku a while back prompted me to replace my "one or two passwords that I use everywhere" scheme with a system of different randomly generated passwords for each account, with a program to help me keep track of them.  So fortunately, I didn't have to change much this time.

 