Sign in with
Sign up | Sign in

Steam's Database Hacked, Info Possibly Stolen

By - Source: Tom's Hardware US | B 59 comments

Sunday Valve's Steam platform was accessed by hackers who may have run off with the personal information of all registered users, including credit card numbers.

Valve Software's Gabe Newell sent out a message to all Steam users around an hour ago warning about a hack into the database and the possible theft of personal information. Here's the entire message:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 34 Hide
    ben850 , November 11, 2011 2:19 AM
    Khimera2000Didnt we already go through this with Sony?


    Unlike Sony, Steam's data is encrypted with AES256. These hackers actually have a better chance at getting laid than to crack the data they stole.
  • 23 Hide
    unksol , November 11, 2011 2:21 AM
    Now if origin had gotten hacked I am sure your credit card and account would be up for sale.
  • 19 Hide
    maigo , November 11, 2011 2:17 AM
    Damn you EA!!!
Other Comments
    Display all 59 comments.
  • 10 Hide
    Khimera2000 , November 11, 2011 2:11 AM
    Didnt we already go through this with Sony?
  • 4 Hide
    AbdullahG , November 11, 2011 2:11 AM
    Son of a gun...
  • 19 Hide
    maigo , November 11, 2011 2:17 AM
    Damn you EA!!!
  • 18 Hide
    Anonymous , November 11, 2011 2:18 AM
    Quote:
    Didnt we already go through this with Sony?

    yea but it was more like, SURPRISE WE GOT HACKED LOL!
  • 34 Hide
    ben850 , November 11, 2011 2:19 AM
    Khimera2000Didnt we already go through this with Sony?


    Unlike Sony, Steam's data is encrypted with AES256. These hackers actually have a better chance at getting laid than to crack the data they stole.
  • 10 Hide
    unksol , November 11, 2011 2:19 AM
    Khimera2000Didnt we already go through this with Sony?


    Um... no... the got your email, and game purchase history. And billing address. Passwords and credit cards are encrypted. So... they got a whole lot of nothing.... hardly sony
  • 8 Hide
    thesnappyfingers , November 11, 2011 2:21 AM
    hmm, I have not received an email, but I'm not part of the forum.
  • 23 Hide
    unksol , November 11, 2011 2:21 AM
    Now if origin had gotten hacked I am sure your credit card and account would be up for sale.
  • 7 Hide
    ben850 , November 11, 2011 2:23 AM
    thesnappyfingershmm, I have not received an email, but I'm not part of the forum.


    I got my message when starting Steam today.
  • 17 Hide
    AbdullahG , November 11, 2011 2:24 AM
    unksolNow if origin had gotten hacked I am sure your credit card and account would be up for sale.

    EA already does that job with Origin...
  • 13 Hide
    4745454b , November 11, 2011 2:25 AM
    People mentioned this in the HardOCP thread as well. Its different for several reasons. One, Steam isn't denying/hiding it. They came forward, faster then Sony did as well btw, and admitted what happened. Two, assuming Steam isn't lying, the passwords and CC numbers were not stored as text. They (might) have the hash values or something like that, but not the numbers themselves. Hopefully. So yes it's similar to what happened with Sony in that they both got hacked, but the attitude of the companies along with how they stored data is VERY different.
  • 12 Hide
    Anonymous , November 11, 2011 2:31 AM
    [quoteDidnt we already go through this with Sony?[/quote]
    sony had all the info UNENCRYPTED. steam uses 256bit AES encryption so your info is safe.
  • 0 Hide
    Khimera2000 , November 11, 2011 2:43 AM
    True sony did all the worng things in such a spectacular way, and this mess up is no where near that scale, however what makes me nervous though is the thought that Big companies still have a set up that allowes hackers to take all of our information, regardless if its incripted, in one trip. I thought this was the big lesson of the sony attack, dont put all your stuff in one place, dont make it so people can get everything in one go. spreading out sensitive information so no one can get all of it at once was the most important thing I got out of Sony's mess up, and I thought that it would be one of the first thing companies would fix.

    Happy that its incripted this time though, at least its a move in the right direction. Sad that what I thought was one of the biggest mistakes was not thouroughly delt with. O well no ones perfect... or did I just miss the news on companies fixing this?
  • -2 Hide
    agnickolov , November 11, 2011 3:05 AM
    I got my replacement credit card in the mail two days ago already. The notice was about a third party data breach, but not where the breach occurred. Now I know that as well...
  • 6 Hide
    AbdullahG , November 11, 2011 3:12 AM
    kcorp2003are you stupid?

    Come down with herpa derpies I see?
  • -1 Hide
    alhanelem , November 11, 2011 3:20 AM
    not again with these hacking heists
  • 11 Hide
    gerchokas , November 11, 2011 4:04 AM
    xerrozFuck Valve


    Valve is one of the FEW companies I trust... Every online database can be hacked, but it's not like they can get all your info just a click away. Valve has surely taken measures against that; unlike Sony, these people really care about providing good software.
Display more comments