Game company Valve has just sent more information about the hacking attacks against its Steam service.
According to Valve's president Gabe Newell: "It is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."
Valve says it has no evidence that the information has been "compromised," so, presumably, the encryption is still in place. The company advises Steam users to "watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well."
The full text of Valve's email is under the "Read More" tag.
Dear Steam Users and Steam Forum Users
We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.
Gabe
Comments
Displaying 1–17 of 17
hellterskelter89
I just want to point out that it doesn't freaking matter if you pay extra for your services. The only thing that does is give you your own private servers that said company maintains. These cyber attacks, although this one is from the past, are going to be a real issue real soon. Did none of you guys see feedback when psn went down? Stuff like this happens ALL THE TIME and most often the companies don't even figure out what the hell was stolen. If the company comes forward and tells you whats what, at least give them credit for trying. Sheesh.
romxxii
thank God I use a prepaid credit card that I only load when I actually make purchases.
landonheat
I've been using my paypal to purchase my games.
Bloodthr0e
Look at all the fanboys trying to make up excuses for Valve.
crocodilius
wow, STEAM has been around since 2004?
where the f#ck have i been?
XwingVmanX
Don't worry my credit card # was stolen after 2008 so they got an out of date # lol
bubers
I care more about them getting credit card info more than my password.. These companies need to invest into some actual security..
DarkestPhoenix
Any Credit Card info from that long ago should no longer be valid anyways. Most people get new cards every 2-4 years, thus the 3 number pin on the back of the card is useless after that time period. So... some hacker MIGHT have gotten old credit card info. Not concerned, to say the least.
DPsx72 ShowHide(10 Replies)
I haven't touched Steam since HL2, if they want my account they can have it.
Would like to make a note though. PSN was hacked, nothing serious happened. Steam was hacked, nothing serious happened. Several other companies also experienced this and all the above were fairly clear about what was going on once they learned the scope of the issue. Meanwhile Live has been hacked, many accounts stolen, transferred and abused, it takes months to get back, and M$'s policy is to pretend nothing is happening. To top it off, we see that security isn't tied to how much you pay for the service. The free options are doing a far better job.
Do I really need to keep proving to everyone why M$ is the weakest choice?
hoof_hearted4
didnt have Steam at that time anyways so im all set. but if its encrypted, theres not much they could do with any info they got anyways.
Panic.exe
good thing it would take 1000's of year to break the encryption unless the algorithm is faulty whichis highly unlikely.
dracoraptor
It was atleast encrypted so in theory it shouldn't be visable
bigevilworldwide
Why would anyone still have a valid care from 2004-2008 though to begin with....But then again why to Valve and MS get a free pass yet Sony was crucified. Hell people are actually loosing money from the Xbox.com brute forcing accounts crap, yet it's alright that they don't take down their services to address the issue and even blame their customers.....Yet Sony took down their FREE service for 23 days to fix the issue and gave people A LOT of free stuff for the inconvenience of the FREE service being down for the 23 days. Yet it's all good to people when something happens with another company. This was 3 months ago a bit longer than Sony and the 6 days..... Oh and before we start the fanboy crap I own all 3 consoles.
Angelicsin87
Just goes to show it's never safe to put any personal info and the internet and online networks like PSN or Steam can be comprimised at any time.
Strychnine
Just canceled my old card. Thank goodness!
Setta
Wow, I didn't get Steam till late last year. So thankfully this don't affect me.
wolfman2010
Well Valve, thank you for the transparency. Glad I didn't have a credit/debit card until 2009 to begin with.
Displaying 1–17 of 17
Add a Comment