Valve Confirms Steam Security Breach

November 11, 2011 -

After a day or two of speculation, Valve has officially confirmed to the public that the Steam database suffered a security breach earlier this week. Valve Software co-founder and managing director Gabe Newell issued a statement to members letting them know what happened and if there might some concerns about the security of their Steam accounts. The take-away for Steam account holders is that passwords were "hashed and salted" and credit card information was encrypted. Still Newell cautions Steam users to pay attention to their account activity. The full statement is below:

"Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
"

As Newell noted in his statement, it never hurts to change your password. In fact changing your password regularly and not using the same password at multiple sites is always a good idea.

Source: VentureBeat

Posted in

Comments

Re: Valve Confirms Steam Security Breach

Not worried either until it's confirmed that credit card data was taken (from what I remember, they only said it was "accessed" and not necessarily "copied") and could easily be decrypted. Passwords are hashed and salted making them next to impossible to decrypt even with the salt key.

Re: Valve Confirms Steam Security Breach

If there's one thing positive to say about this whole debacle, it's that Valve takes their customer information seriously.  After the clusterf*** that was Sony this spring, I like the levels of security that Valve has and their pro-active steps they've taken.

It's also refreshing to see Valve being so forthright about what happened.  Honesty is, after all, the best policy.

Re: Valve Confirms Steam Security Breach

My questions are: WHO did this and WHY. While Hacktivism, plain old attacks or terror attacks are all too common nowadays, they are not all the same. Also a source of worry: No one claimed the attack yet. When someone claims it, it's usually part of an attempt to get attention. When no one does, well, they usually are either after secrets (like credit cards) or have something to prove.

Re: Valve Confirms Steam Security Breach

So, who's next?

Or, perhaps just as importantly, who have they attempted to breach and failed?

Because everybody's a target these days.

Re: Valve Confirms Steam Security Breach

I'm not worries since my account logged in seamlessly, still, this is alarming.

Re: Valve Confirms Steam Security Breach

The breach at Kotaku a while back prompted me to replace my "one or two passwords that I use everywhere" scheme with a system of different randomly generated passwords for each account, with a program to help me keep track of them.  So fortunately, I didn't have to change much this time.

 
Forgot your password?
Username :
Password :

Poll

Whose next half decade of superhero films are you most looking forward to?:

Shout box

You're not permitted to post shouts.
Neo_DrKefkaAnyone remember that portrait from Resident Evil 1 in the gallery about a Middle Aged man full of worries? Anyone know the name of that portrait?10/31/2014 - 12:45am
MechaTama31Yeah, don't see myself getting a Vita or a PSTV...10/31/2014 - 12:04am
E. Zachary KnightWatch Ultron ruin all your Disney childhood memories in this How The Ultron Teaser Should Have Ended. https://www.youtube.com/watch?v=ra1sBRLRFtc10/30/2014 - 9:23pm
ZippyDSMleeConster:they finally made a working worth while PSP emulator.10/30/2014 - 8:10pm
quiknkoldMechatama31, you can get VC2 on the Vita and Vita TV. you have to buy it through PSN on PS3 and transfer it to vita and then playstation tv. I have it on my PS TV and it works10/30/2014 - 7:15pm
MechaTama31I loved Valkyria Chronicles. Still super cheesed off that the sequels were PSP-only... :/10/30/2014 - 6:57pm
ConsterI played Steamworld Dig on the 3DS, and it's pretty fun.10/30/2014 - 6:51pm
Matthew WilsonRECOMMENDED: OS: Windows 7 Processor: Intel Core2 Duo @ 2.8GHz (or equivalent) Memory: 3 GB RAM Graphics: NVIDIA GeForce GTX 280 (or equivalent) Hard Drive: 25 GB available space10/30/2014 - 5:49pm
Matthew Wilsonhere hare the system requirements. make of ithem what you will. MINIMUM: OS: Windows Vista/Windows 7 Processor: Intel Core2 Duo @ 2.0GHz (or equivalent) Memory: 2 GB RAM Graphics: NVIDIA GeForce GTS 240 (or equivalent) Hard Drive: 25 GB available spa10/30/2014 - 5:48pm
Andrew EisenStill a game I really want to play. Hope it's a solid port.10/30/2014 - 5:42pm
Matthew WilsonValkyria Chronicles pc port needs 25ggb. not bad exept this game came out in 08 on the ps3.10/30/2014 - 4:56pm
james_fudgeEZK: my sarcasm senses are tingling ;)10/30/2014 - 4:21pm
Andrew EisenIf it's any consolation, Xbox owners, Wii U owners don't get the game at all. And if we did, we'd probably never get the DLC.10/30/2014 - 4:19pm
MaskedPixelantehttp://kotaku.com/destinys-new-dlc-kinda-screws-over-xbox-players-1652294153 Sucks when the shoe's on the other foot, huh.10/30/2014 - 4:12pm
E. Zachary KnightSo a vocational school in Oklahoma is being evacuated because someone found a briefcase in the bathroom. Imagine that. A briefcase ina school. That's unpossible.10/30/2014 - 3:33pm
prh99Also, Nintendo wants to watch you sleep..for Science! (*in best Cave Johnson voice) http://arstechnica.com/gaming/2014/10/nintendo-wants-to-watch-you-sleep-for-science/10/30/2014 - 2:47pm
prh99I got it in a Humble Bundle, it's ok but the hype is definitely over blown. Also, only being able dig in the four cardinal directions made for some irksome digging..10/30/2014 - 2:38pm
E. Zachary KnightI enjoyed it. It was very short, but rewarding and fun.10/30/2014 - 2:35pm
Andrew EisenAgainst my better judgement (game looks boring to me), I purchased Steamworld Dig. It's highly praised and it was on sale. Hopefully I'll be wrong about it and think it's as awesome as everyone else.10/30/2014 - 2:09pm
quiknkoldhttp://www.pastemagazine.com/articles/2014/10/femme-doms-of-videogames-bayonetta-doesnt-care-if.html10/30/2014 - 1:15pm
 

Be Heard - Contact Your Politician