Last year, insanely popular PC-centric digital distribution service Steam was hacked, and that users’ private information might be compromised. “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders,” Valve said last year of the attack.
Now they do.
Valve has said it’s probable that last year’s security breach saw hackers make off with a backup of a database that includes some pretty damned identifying information – including user names, e-mail addresses, but that billing and credit card information is still safe. Don’t panic yet, because Valve says that information is securely encrypted, and that that p[articular info hasn’t been compromised.. Ooooer..that’s reassuring.
“We continue our investigation of last year’s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case,” Gabe Newell said in a letter to Steam users.
“Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
“We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
“We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.”
If you do use Steam – and if you play games on PC it’s highly unlikely that you don’t – it’s probably a wise idea to keep an eye on your credit card statements, and to change your associated logins and passwords.
Last Updated: February 13, 2012