GamesBeat

Valve’s Gabe Newell offers update on Steam security breach

Back in November, we learned that Valve’s online game-distribution service, Steam, had suffered a security breach. A letter to Steam users from co-founder and managing director Gabe Newell informed them that someone gained access to the Steam forums as well as the database containing user information. Valve began investigating the breach in hopes of learning whether any user information had been compromised. Today, the company offered an update.

It has hired outside security experts to investigate, and while there is no evidence of them having taken information from the Steam database, it’s is possible that the intruders did grab a backup file that included data about Steam transactions from 2004-2008. Within that file are usernames, emails, encrypted billing addresses, and encrypted billing information. The file did not contain Steam user passwords, Newell noted.

In a letter going out to Steam users, Newell said the following:

Dear Steam Users and Steam Forum Users

We continue our investigation of last year’s intrusion with the help of outside security experts.  In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database.  That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008.  This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised.  However as I said in November it’s a good idea to watch your credit card activity and statements.  And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities.  Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe

With the increased popularity of online gaming and digital distribution, there is always an increased risk of such hacker activity. Last year Sony’s PlayStation Network suffered a breach that put it out for several weeks. We’ve also heard of such problems with Xbox Live accounts being hacked and Microsoft going as far as putting freezes on said accounts as they investigated.


Don't let cyber attacks kill your game! Join GamesBeat's Dean Takahashi for a free webinar on April 18 that will explore the DDoS risks facing the game industry. Sign up here.

Topics >

blog comments powered by Disqus

GamesBeat is your source for gaming news and reviews. But it's also home to the best articles from gamers, developers, and other folks outside of the traditional press. Register or log in to join our community of writers. You can even make a few bucks publishing stories here! Learn more.

You are now an esteemed member of the GamesBeat community. That means you can comment on stories or post your own to GB Unfiltered (look for the "New Post" link by mousing over your name in the red bar up top). But first, why don't you fill out your via your ?

About GamesBeat