Steam Hacked, Valve Investigating Possible Credit Card Theft
by Craig Getting on November 10, 2011 8:38 PM ESTValve head Gabe Newell sent out a message today explaining that the breach of Steam's forums this past Sunday goes beyond the message boards and potentially includes Steam account information.
“We learned that intruders obtained access to a Steam database in addition to the forums,” wrote Newell. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”
Valve has yet to find evidence of illegal credit card activity, though they are of course investigating into what exactly was compromised in the breach. Anyone with a Steam account should keep a close eye on their credit cards just in case. It would also be a good idea to change your Steam account and forum passwords (they should be different), as well as double-check that you aren’t using those passwords elsewhere on the Internet.
And just to be safe, you may want to reset which computers can authorize your Steam account. Just head to “Settings” (“Preferences” for Mac users). Find the “Accounts” tab and click on “Manage Steam Guard Account Security”. From there you can deauthorize all computers with access to the account and reauthorize them as you see fit.
Steam is up and running, though the forums remain closed after Sunday’s attack.
No word from Valve on any plans for a giveaway-themed apology. The PlayStation Network outage did set a precedent with Sony "making good" by gifting select titles to its users, so I wouldn’t be surprised to find at least a few games up for grabs after Valve sorts this all out.
Source: PC Gamer
Facebook
Twitter
RSS
36 Comments
View All Comments
SpartanJet - Thursday, November 10, 2011 - link
Why didn't I see this before I pre purchased Elder Scrolls V. I would have went with the store version and broken ties with Steam altogether.sjael - Thursday, November 10, 2011 - link
Just a FYI; Skyrim is a Steamworks game, and thus *must* be activated on Steam.SlyNine - Friday, November 11, 2011 - link
Yea, but the issue is credit card theft. So big deal if you don't add a credit card.SlyNine - Friday, November 11, 2011 - link
And knowing that, I just bought Skyrim on steam. Hope the encryption holds out. (Don't know much about their encryption but if its anywhere near AES128 good luck with that).Besides your card could be stolen by the clerk at the store just as easily, you should always monitor your account and challenge purchases that you didn't make, Duh.
digitalzom.b - Friday, November 11, 2011 - link
Well, I've been reading quite often that they actually use AES256, so I think we're good.kmmatney - Friday, November 11, 2011 - link
Everytime you give your credit card to the waiter at a restaurant it's at risk. They just need to take a picture of the card with their phone, and they have the numbers. In Europe, the bring the credit card reader to the table at least.Ronakbhai - Saturday, November 12, 2011 - link
Yeah, actually my brother went to a restaurant with a couple of his friends, and a few weeks later they all had large charges on their accounts from another state across the country.piroroadkill - Monday, November 14, 2011 - link
AES256.http://i.imgur.com/UBi0S.png
You don't need to save your credit card details on Steam either. Just uncheck the box each time that says "Save my details".
Anonymous Blowhard - Monday, November 14, 2011 - link
> actual response from GabeNGood Guy Gabe:
- Makes Scrooge McDuck levels of money
- Still responds to everyday Joes emailing him directly
PCI DSS mandates some pretty serious guidelines around the storage of PAN and other payment card data.
KoolAidMan1 - Thursday, November 10, 2011 - link
Skyrim is a Steamworks game, you'd be using it whether or not you bought a physical copy