Valve: Steam Hacked, User Database Compromised

by Mike Bendel November 10, 2011 @ 3:05 pm

Following an intrusion on the Steam forums last weekend, Valve has since discovered that the breach runs deeper. Attackers gained access to a Steam database separate from the forums, which houses “user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”

At this time, an investigation is still ongoing. Valve “does not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

Moreover, there have been no reported cases of compromised Steam accounts and as such, Valve is not forcing users to change their passwords at this time.

“We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely,” reads the email.

“While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.”

“We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password. “

Follow this author on .

hush404 says:

I'm getting a little fucking sick of needing to change and make up new passwords for every damn thing I join up to these days thanks to fucking hackers... That said, I'm glad I use paypal for steam and not a CC.

Trigun says:

PayPal isn't much better when it comes to certain things.

Still, I am all for Hackers showing stuff to the "Man!"

and stuff. But Valve and Steam? there is nothing to gain!!

hush404 says:

"The Man" ? Please. The only ones being hurt by this crap is the end users.

El Diablo says:

That's not true at all lol.

Abe Froeman says:

If the title of this article had the work Sony instead of Valve, all of the above replies from you guys would 300% more hateful.

FrozenIpaq says:

My thoughts exactly. It has been several days since the attack and they are just telling us about it now (granted they weren't fully aware of the extent of the breach at first). Surprise people aren't crying about how late the response it

slicer4ever says:

it's always going to be a cat and mouse game, but if things like this didn't happen, then it'd make company's get lazy when it comes to security, and hopefully the people doing this are just doing it for the kicks, and not really trying to grab cc's/passwords, but who knows.

El Diablo says:

Steam is the one thing that I have a different account name and password for than all of my other accounts in other things simply because of how old it is. I'm not worried about the account and password part of it, but my CC info is saved in it which I am a bit worried about. I think it was for Sony too and nothing happened from that, so I'm just hoping nothing happen again.

Dan says:

Has anybody heard anything on this? It's pretty annoying when we aren't being addressed on things as we should be.

El Diablo says:

I think the reason people aren't as up in arms about it as Sony is because their stuff (as far as we know) is actually encrypted and not just saved in plain text. Plus there's also Steamguard which means 2 separate things need to be compromised for them to get your account.

Dan says:

Ah okay, that makes me feel more at ease. It feels bad being 'done over' twice by hackers.

you say: