Valve Confirms Steam Security Breach

November 11, 2011 -

After a day or two of speculation, Valve has officially confirmed to the public that the Steam database suffered a security breach earlier this week. Valve Software co-founder and managing director Gabe Newell issued a statement to members letting them know what happened and if there might some concerns about the security of their Steam accounts. The take-away for Steam account holders is that passwords were "hashed and salted" and credit card information was encrypted. Still Newell cautions Steam users to pay attention to their account activity. The full statement is below:

"Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
"

As Newell noted in his statement, it never hurts to change your password. In fact changing your password regularly and not using the same password at multiple sites is always a good idea.

Source: VentureBeat

Posted in

Comments

Re: Valve Confirms Steam Security Breach

Not worried either until it's confirmed that credit card data was taken (from what I remember, they only said it was "accessed" and not necessarily "copied") and could easily be decrypted. Passwords are hashed and salted making them next to impossible to decrypt even with the salt key.

Re: Valve Confirms Steam Security Breach

If there's one thing positive to say about this whole debacle, it's that Valve takes their customer information seriously.  After the clusterf*** that was Sony this spring, I like the levels of security that Valve has and their pro-active steps they've taken.

It's also refreshing to see Valve being so forthright about what happened.  Honesty is, after all, the best policy.

Re: Valve Confirms Steam Security Breach

My questions are: WHO did this and WHY. While Hacktivism, plain old attacks or terror attacks are all too common nowadays, they are not all the same. Also a source of worry: No one claimed the attack yet. When someone claims it, it's usually part of an attempt to get attention. When no one does, well, they usually are either after secrets (like credit cards) or have something to prove.

Re: Valve Confirms Steam Security Breach

So, who's next?

Or, perhaps just as importantly, who have they attempted to breach and failed?

Because everybody's a target these days.

Re: Valve Confirms Steam Security Breach

I'm not worries since my account logged in seamlessly, still, this is alarming.

Re: Valve Confirms Steam Security Breach

The breach at Kotaku a while back prompted me to replace my "one or two passwords that I use everywhere" scheme with a system of different randomly generated passwords for each account, with a program to help me keep track of them.  So fortunately, I didn't have to change much this time.

 
Forgot your password?
Username :
Password :

Shout box

You're not permitted to post shouts.
ZippyDSMleeuuuhhhggg in other news been sick since last night.....uuhggg.....I iwsh it did not hurt so much when my tummy wants to leave my body..02/28/2015 - 11:39pm
ZippyDSMleeBrings me to the Q why alt costumes would be needed in competition anyway... http://www.eventhubs.com/news/2015/feb/28/dead-or-alive-community-aims-ban-over-120-overly-sexualized-costumes-dead-or-alive-5-last-round/02/28/2015 - 11:36pm
MonteThough from a business side, i would agree with the article. While it would be smarter for developers to slow down, you can't expect EA, Activision or ubisoft to do something like that. Nintnedo's gotta get the third party back.02/28/2015 - 4:36pm
MonteThough it does also help that nintendo's more colorful style is a lot less reliant on graphics than more realistic games. Wind Waker is over 10 years old and still looks good for its age.02/28/2015 - 4:33pm
MonteWith the Wii, nintnedo had the right idea. Hold back on shiny graphics and focus on the gameplay experience. Unfortunatly everyone else keeps pushing for newer graphics and it matters less and less each generation. I can barely notice the difference02/28/2015 - 4:29pm
MonteON third party developers; i kinda think they should slow down to nintendo's pace. They bemoan the rising costs of AAA gaming, but then constantly push for the best graphics which is makes up a lot of those costs. Be easier to afford if they held back02/28/2015 - 4:27pm
Matthew Wilsonhttp://www.forbes.com/sites/insertcoin/2015/02/28/the-world-is-nintendos-if-only-theyd-take-it/ I think this is a interesting op-ed, but yeah it kind of is stating the obvious.02/28/2015 - 2:52pm
prh99The government probably doesn't need an app, but I was think more along the lines of a company that was going to sell the collected info. “If you're not paying for the product, you are the product” sometimes even if you pay.02/28/2015 - 1:50pm
E. Zachary KnightWhat better way for the government to keep track of you than to get you to install an app that lets you insult the government.02/28/2015 - 11:03am
prh99No, but I looked it up and it's basically spyware. Their privacy policy says their apps tracks among other things your location and browsing habits via cookies.02/28/2015 - 8:20am
Ryan RardinHas anyone here heard of an app called iCitizen? It's basically Yelp for politicians.02/28/2015 - 5:16am
Andrew EisenAh, not linked in the way you (and everyone else) want and expect. That's true.02/27/2015 - 10:06pm
Matthew Wilsonthey are not linked in a way that tracks purchases though. the fact that they have to send a code for the other system shows that they are not linked in the way it counts.02/27/2015 - 9:39pm
Andrew EisenAccounts are already linked. Have been for quite a while. Also, Mario vs. Donkey Kong was announced as a cross-buy title during last January's Nintendo Direct.02/27/2015 - 9:25pm
Matthew Wilsonhttp://www.vg247.com/20…/…/27/olli-olli-3ds-wii-u-cross-buy/ I wounder if this is a sign that Nintendo may finally link accounts across the 3ds/wiiu in the near future.02/27/2015 - 9:18pm
prh99http://www.romanoriginals.co.uk/invt/70931?colour=Blue The dress does comes in white and blue but both have black lace and a sheer back top, I don't see gold or brown. 02/27/2015 - 8:54pm
ZippyDSMleeDungeons was a so bad so good game to me so I been keeping up with its sequel which will more of a Dungeon Keeper clone. As for pre order out of 7 preorders I was not burnt by 2... Add my contempt of most of modern game design.Ya I have all kinds of hurt.02/27/2015 - 8:40pm
MechaTama31I don't even want to know...02/27/2015 - 8:22pm
ZippyDSMleeFun? I can do fun…. I think LOL. Dungeons 2 is on preorder but not via steam... >> Hell I am breaking all kinds of personal butthurt rules to even THINK about pre order...02/27/2015 - 8:12pm
E. Zachary KnightHad some fun discussions about that dumb dress on Facebook. I opened the original picture in GIMP and sampled the colors and determined them to be Blue and Gold. People still say I am wrong.02/27/2015 - 7:41pm
 

Be Heard - Contact Your Politician