Valve Confirms Steam Security Breach

November 11, 2011 -

After a day or two of speculation, Valve has officially confirmed to the public that the Steam database suffered a security breach earlier this week. Valve Software co-founder and managing director Gabe Newell issued a statement to members letting them know what happened and if there might some concerns about the security of their Steam accounts. The take-away for Steam account holders is that passwords were "hashed and salted" and credit card information was encrypted. Still Newell cautions Steam users to pay attention to their account activity. The full statement is below:

"Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe."

As Newell noted in his statement, it never hurts to change your password. In fact changing your password regularly and not using the same password at multiple sites is always a good idea.

Source: VentureBeat

Posted in

Comments

Re: Valve Confirms Steam Security Breach

Submitted by djnforce9 on Mon, 11/14/2011 - 14:59.

Not worried either until it's confirmed that credit card data was taken (from what I remember, they only said it was "accessed" and not necessarily "copied") and could easily be decrypted. Passwords are hashed and salted making them next to impossible to decrypt even with the salt key.

Re: Valve Confirms Steam Security Breach

Submitted by ddrfr33k on Sun, 11/13/2011 - 10:16.

If there's one thing positive to say about this whole debacle, it's that Valve takes their customer information seriously. After the clusterf*** that was Sony this spring, I like the levels of security that Valve has and their pro-active steps they've taken.

It's also refreshing to see Valve being so forthright about what happened. Honesty is, after all, the best policy.

Treasure bin: Cult Hits, chea pass gaming options, and rants about gaming in general

Re: Valve Confirms Steam Security Breach

Submitted by DorthLous on Fri, 11/11/2011 - 17:25.

My questions are: WHO did this and WHY. While Hacktivism, plain old attacks or terror attacks are all too common nowadays, they are not all the same. Also a source of worry: No one claimed the attack yet. When someone claims it, it's usually part of an attempt to get attention. When no one does, well, they usually are either after secrets (like credit cards) or have something to prove.

Re: Valve Confirms Steam Security Breach

Submitted by Craig R. on Fri, 11/11/2011 - 16:01.

So, who's next?

Or, perhaps just as importantly, who have they attempted to breach and failed?

Because everybody's a target these days.

Re: Valve Confirms Steam Security Breach

Submitted by hellfire7885 on Fri, 11/11/2011 - 13:44.

I'm not worries since my account logged in seamlessly, still, this is alarming.

Re: Valve Confirms Steam Security Breach

Submitted by MechaTama31 on Fri, 11/11/2011 - 12:47.

The breach at Kotaku a while back prompted me to replace my "one or two passwords that I use everywhere" scheme with a system of different randomly generated passwords for each account, with a program to help me keep track of them. So fortunately, I didn't have to change much this time.

Shout box

MechaTama31: Of course, I'm looking at these tweets in isolation, I don't know a thing about the guy.10/19/2014 - 7:06pm

MechaTama31: If anything, the sarcastic implication seems to be that the SJW crowd is bringing back the bullying of nerds. But it's the GGers who are out for his blood? I'm lost...10/19/2014 - 7:01pm

MechaTama31: I don't really get this Sam Biddle thing. The reaction to his tweets seems to be taking them at face value, but... they're tongue in cheek. Right?10/19/2014 - 7:00pm

Andrew Eisen: I have it. The problem, so far as I can tell, is neither of them allow me to overlay my webcam feed or text links to my Extra-Life fundraising page.10/19/2014 - 4:08pm

quiknkold: and yes, its free10/19/2014 - 4:05pm

quiknkold: should grab Hauppauge capture. has mic support and can upload directly to youtube10/19/2014 - 4:05pm

Andrew Eisen: The former.10/19/2014 - 4:00pm

quiknkold: was it StreamEez, or the StreamEez feature in Hauppauge Capture? cause I know Capture has alot more support from the devs.10/19/2014 - 3:54pm

Andrew Eisen: I actually tried StreamEez last week. Flat out didn't work.10/19/2014 - 3:53pm

quiknkold: I use the Hauppauge Capture software's StreamEez. Arcsoft showbiz for recording. I just streamed a few hours of Persona 4 Golden with zero problem using the program. Xsplit is finniky when it comes to Hauppauge10/19/2014 - 3:40pm

Andrew Eisen: Trying to capture console games and broadcast with Open Broadcaster System because I've had technical difficulties using XSplit 3 weeks in a row.10/19/2014 - 3:37pm

quiknkold: and what are you trying to capture?10/19/2014 - 3:31pm

quiknkold: same one I have. ok. what program are you using?10/19/2014 - 3:31pm

Andrew Eisen: Haupaugge HD PVR 210/19/2014 - 3:28pm

quiknkold: What Capture Card are you using, Andrew10/19/2014 - 3:26pm

quiknkold: I know Biddle isnt Kotaku. he's just a employee. Its up to Kotaku if they want to punish him for being a public representative of Kotaku...well...I wouldnt be against it.10/19/2014 - 3:26pm

Andrew Eisen: Lovely, my capture card is not (yet) compatible with the broadcaster I want to use. Let's hope my workaround works!10/19/2014 - 3:19pm

Andrew Eisen: If you find Biddle's statement off-putting, then you're certainly directing your distaste at the correct entity.10/19/2014 - 3:18pm

quiknkold: as somebody who once had his skull fractured behind a grocery store as a kid because I was a nerd. Sam Biddle can eff himself with barbwire10/19/2014 - 2:59pm

Matthew Wilson: I dont agree with it, but that doesnt mean its not true sadly.10/19/2014 - 2:36pm

All shouts

<< Return To Top

Forgot your password?
Username :
Password :