Steam, the online gaming distribution system we know and love, announced back in November that they’d been the victim of a security breach. At the time, it was reported that the hacker had accessed the Steam user database, but that no information appeared to have been compromised. However, the ongoing investigation seems to indicate that it might be worse than originally thought.
Last Friday, Valve’s co-founder Gabe Newell wrote that it appears that the intruder was able to copy a backup file of user transactions from 2004 through 2008. This apparently contains email addresses, user names, and encrypted billing addresses and credit card information. Thankfully, it seems Steam password information remains secure.
The intrusion could be compared to the recent attack on Zappos, where information was accessed but encrypted.
Newell goes on to say that it appears credit card and billing information remain secure, and that there have not been any reports of unauthorized transactions stemming from the intrusion. What Newell doesn’t say, but was discussed in a FBI conference leaked by Anonymous, is that 15 year-old hacker TehWongZ is currently in custody over the attack.
As always, it’s probably smart to keep an eye on your credit card receipts. Here’s the full text of Newell’s blog post:
Dear Steam Users and Steam Forum Users:
We continue our investigation of last year’s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.
Gabe
- Original report of the November Steam hack
- Anon leaks FBI phone call to Scotland Yard
- Zappos hacked, 24 million users affected
