Valve Software bossman Gabe Newell released an update in regards to the studio's investigation into the Steam hack that took place last year. He said the investigation is still ongoing, and includes the help of outside security experts.
So far he stands firm on his previous announcement that intruders did indeed access the Steam database, but there's no evidence to suggest that credit card numbers and billing addresses were stolen. Still, Steam members should keep an eye on their credit card statements for suspicious activity nonetheless.
"Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008," he said on Friday. "This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."
"We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised," Newell adds. "However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well."
"We are still investigating and working with law enforcement authorities," he concludes. "Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now."
Newell said back in November that the intrusion which defaced the Steam forums was more than just graffiti on the wall, that hackers gained access to a Steam database in addition to the forums.
"This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," he said in November. "We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked."
Newell said he didn't know of any compromised Steam accounts, but suggested that users should change their passwords nonetheless.