Online gaming platform Steam has been hacked

11 Nov 2011

Hackers have accessed online gaming site Steam’s database, which has user names, credit cards, email addresses and billing addresses. No evidence of credit card misuse has been found.

Game developer Valve, creator of Steam, took the Steam forum offline after odd messages appeared on 6 November.

ZDNet reports that Gabe Newell, managing director of Valve, emailed users to tell them that after investigating the forum abnormalities, they discovered an intrusion in the Steam database.

He said there was currently no evidence of credit card numbers or personal information having been taken. Nonetheless, he recommended that users watch their credit card activity and statements closely.

“We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit-card information,” said Newell.

“We do not have evidence that encrypted credit-card numbers or personally identifying information were taken by the intruders, or that the protection on credit-card numbers or passwords was cracked. We are still investigating,” he said.

Newell said they only know of a few forum accounts infiltrated and that all forum users must change their passwords when they next log in. He also recommended that forum members change passwords on other accounts if they used the same one they have for the Steam forum.

He said they were unaware if Steam accounts were compromised, so users will not be forced to change their Steam passwords. However, he recommended that users do this, just in case.

“I am truly sorry this happened, and I apologise for the inconvenience,” said Newell.