Gabe Newell Gives Update on Steam Hack of 2011

Valve Software bossman Gabe Newell released an update in regards to the studio's investigation into the Steam hack that took place last year. He said the investigation is still ongoing, and includes the help of outside security experts.

So far he stands firm on his previous announcement that intruders did indeed access the Steam database, but there's no evidence to suggest that credit card numbers and billing addresses were stolen. Still, Steam members should keep an eye on their credit card statements for suspicious activity nonetheless.

"Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008," he said on Friday. "This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."

"We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised," Newell adds. "However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well."

"We are still investigating and working with law enforcement authorities," he concludes. "Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now."

Newell said back in November that the intrusion which defaced the Steam forums was more than just graffiti on the wall, that hackers gained access to a Steam database in addition to the forums.

"This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," he said in November. "We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked."

Newell said he didn't know of any compromised Steam accounts, but suggested that users should change their passwords nonetheless.

  • Hax0r778
    I appreciate that Valve is communicating really well about this problem (way better than Sony did after they were hacked). Now why can't they communicate this well about HL3?
  • manchuwarrior
    I'm not surprised about the recent update since the hacked FBI call mentions the Steam situation.
  • cliffro
    I'm glad my bank decided to send me another debit card because some 3rd party they worked with was compromised, It covers both breaches for me.
  • fonzy
    It's funny, it doesn't matter what happens over at valve it always comes back to HL3.
  • joytech22
    Sony gets hacked: Unencrypted card details stolen, network goes down for weeks.

    Valve gets hacked: Old backup file and encrypted card details stolen, no noticeable problems except forum was closed for a while.
  • alidan
    someone got my account and tried to get access for a while... annoying that i had to change my password.
  • kjsfnkwl
    Oh, so I have nothing to worry about because I made my account in 2009. That's a relief.
  • tolham
    this is why i don't let websites save my credit card info.
  • buckcm
    I don't know about getting hacked, but I think this phishing website under the guise of "Steam Works" and "Valve Software" nailed me for a bunch of transactions between Christmas and New Years last year. Apparently an investigation is ongoing by EA.
  • ltdementhial
    Hax0r778I appreciate that Valve is communicating really well about this problem (way better than Sony did after they were hacked). Now why can't they communicate this well about HL3?
    Oh din't you know? Valve cant count to 3...they're ashamed of that and doesnt anyone to know it.

    Excuse my lame english