Valve Confirms Steam Security Breach

November 11, 2011 -

After a day or two of speculation, Valve has officially confirmed to the public that the Steam database suffered a security breach earlier this week. Valve Software co-founder and managing director Gabe Newell issued a statement to members letting them know what happened and if there might some concerns about the security of their Steam accounts. The take-away for Steam account holders is that passwords were "hashed and salted" and credit card information was encrypted. Still Newell cautions Steam users to pay attention to their account activity. The full statement is below:

"Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
"

As Newell noted in his statement, it never hurts to change your password. In fact changing your password regularly and not using the same password at multiple sites is always a good idea.

Source: VentureBeat

Posted in

Comments

Re: Valve Confirms Steam Security Breach

Not worried either until it's confirmed that credit card data was taken (from what I remember, they only said it was "accessed" and not necessarily "copied") and could easily be decrypted. Passwords are hashed and salted making them next to impossible to decrypt even with the salt key.

Re: Valve Confirms Steam Security Breach

If there's one thing positive to say about this whole debacle, it's that Valve takes their customer information seriously.  After the clusterf*** that was Sony this spring, I like the levels of security that Valve has and their pro-active steps they've taken.

It's also refreshing to see Valve being so forthright about what happened.  Honesty is, after all, the best policy.

Re: Valve Confirms Steam Security Breach

My questions are: WHO did this and WHY. While Hacktivism, plain old attacks or terror attacks are all too common nowadays, they are not all the same. Also a source of worry: No one claimed the attack yet. When someone claims it, it's usually part of an attempt to get attention. When no one does, well, they usually are either after secrets (like credit cards) or have something to prove.

Re: Valve Confirms Steam Security Breach

So, who's next?

Or, perhaps just as importantly, who have they attempted to breach and failed?

Because everybody's a target these days.

Re: Valve Confirms Steam Security Breach

I'm not worries since my account logged in seamlessly, still, this is alarming.

Re: Valve Confirms Steam Security Breach

The breach at Kotaku a while back prompted me to replace my "one or two passwords that I use everywhere" scheme with a system of different randomly generated passwords for each account, with a program to help me keep track of them.  So fortunately, I didn't have to change much this time.

 
Forgot your password?
Username :
Password :

Poll

Will Target Australia sell the next GTA game upon its release?:

Shout box

You're not permitted to post shouts.
Matthew Wilsonhttp://www.bloomberg.com/news/videos/2015-07-31/khan-academy-s-sal-khan-studio-1-0-full-show-7-30- not game related, but this is a good interview.07/30/2015 - 8:52pm
Goth_SkunkFinally, I never misspelled Chipman's name. So, feel free to try your luck again, but pick an opponent you can beat.07/30/2015 - 8:32pm
Goth_Skunk@Technogeek: I paid for the experience of the seat, and upon completion of the movie determined that the extra for the seat wasn't worth it. Additionally, your opinion is not law. You thinking the movie is crap does not make it so.07/30/2015 - 8:31pm
Craig R.1st I heard of Pixels was seeing trailer in theater. Was interested until Sandler appeared, then it became an instant 'Nope'.07/30/2015 - 4:52pm
james_fudgesick burns are not always allowed in the shoutbox.07/30/2015 - 4:28pm
MechaCrashIt's especially funny because I said "you'd have to be a moron to enjoy it," and Goth boasted about enjoying it, as if that does anything to change my opinion of the movie or of him.07/30/2015 - 4:19pm
TechnogeekMatthew: Back when that law was first implemented, I kept trying to come up with a scenario where it would be anything other than an unmitigatedd sisaster. Nothing ever came to mind.07/30/2015 - 4:16pm
Matthew Wilsonhttp://arstechnica.com/tech-policy/2015/07/new-study-shows-spains-google-tax-has-been-a-disaster-for-publishers/ no duh Sherlock!07/30/2015 - 4:10pm
TechnogeekI can't even make a joke about that. It's like poking fun at Donald Trump's hair.07/30/2015 - 4:01pm
TechnogeekSo you willingly paid more money than you needed to in order to watch a crappy Adam Sandler movie (but I repeat myself), just to spite a reviewer that you can't even spell the name of properly.07/30/2015 - 4:01pm
Goth_SkunkMy one regret was paying extra for a DVX seat, which jostles and vibrates in relation to the action on screen. What a waste of money.07/30/2015 - 3:55pm
Goth_SkunkYes, I did watch Pixels just to spite Chipman. I was originally going to see Minions, but moved it down the list. AND I ENJOYED IT. So nuts to you, MechaCrash.07/30/2015 - 3:44pm
Matthew Wilson@phx works fine for me, but I did it the long way. I upgraded, made a recovery drive, than did a full install.07/30/2015 - 3:24pm
Andrew EisenReally liking Child of Light so far (I play on console so UPlay isn't a concern). Gorgeous aesthetic with a fun presentation and battle system. So far, so good!07/30/2015 - 1:36pm
PHX CorpWell I'm offically on Windows 10 Laptop Wise(I had to download the Windows 10 Media tool from Microsoft to get it now rather than waiting for the update through windows update)07/30/2015 - 12:16pm
ZippyDSMleeI dunno I'd go to see it, seems liek dumb fun, better than half assed serious stuff that has so many holes large enough to drive mac trucks through(coughinterstellercouch).07/30/2015 - 10:58am
Andrew EisenGoth - Wait, you went to see Pixels just to spite Chipman?07/30/2015 - 10:49am
MechaCrashYou can see Pixels, which requires you to be a moron to enjoy it, or you can actually spend that time and money watching something actually good. Gosh, what a choice.07/30/2015 - 10:49am
benohawkHot damn, I'm sold. Why see something you can enjoy on multiple levels when you can nap through half the film and still get it all?07/30/2015 - 10:17am
james_fudgeSo what people are saying is PIXELS is a great movie to see if your are comatose.07/30/2015 - 9:47am
 

Be Heard - Contact Your Politician