Valve Confirms Encrypted Credit Card Info May Have Been Swiped in Last Year's Steam Security Breach - HotHardware

Gabe Newell, head of Valve, has begun emailing Steam users today to let them know he and his company continue to investigate last year's security breach in which hackers vandalized Steam's forums. He also wants to give users a heads-up that a backup file containing encrypted credit card details and other personal information was likely stolen.

The email in its entirety reads:
Dear Steam Users and Steam Forum Users:

We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe

When the breach occurred in November of last year, Gabe sent out a similar email saying intruders obtained access to a Steam database containing personal and financial information, but that it was all encrypted and there was no evidence any of it was taken. Now we're finding out otherwise, three months after the fact.

If you're a Steam user, be sure to continue to monitor your financial records closely.

It's scary for those who put their information down; but depending on whether or not they crack the encryption, they'll be safe. I didn't put down my CC info at the time of attack so I don't have anything to worry about but if they do break the encryption for those compromised, then they'll have something to worry about.


Interesting to read this now, I'll have to go back and check my records, but I actually had some unauthorized charges late last year....took quite a while to get it fixed. And Valve did have my cc info, as I use(d) Steam to purchase games a lot. Haven't used my cc for stuff like that since. Now I just add some money to a prepaid card.


Big deal. So long as it's encrypted adequately there is no problem, unlike Sony who stored all of their customer details in cleartext.

Using standard PCs (and even GPU acceleration) it's going to take hundreds of years to decrypt, and I'm pretty sure my CC expiry date comes well before then.


Lol...shows me to try to think when I first get up at night for work....big coincidence that my issue as stated above did happen at the end of November '11. But I missed the date range for the backup they got.....I am 99% positive I had a different card between 04-08 than what I had in Nov '11. Still never found out how they got it, guess it's just a lesson learned, thankfully it only turned out to be a hassle to fix, and didn't lose the money (for long).


Lucky me.  I didn't get Steam until the end of 2008 (HL2 with my new PC, my glorious return to PC gaming), and even then I didn't buy anything for a while.  So I think I'm good.
