Steam’s November 2011 Security Compromise Revisited

 

Some of you might remember when the forums for Valve Software's popular Steam service went down to due to a security breach last November.

At the time, Valve confirmed that the hackers gained access to usernames and passwords to the Steam forums, which are entirely separate from the popular digital storefront. However, an e-mail sent from Valve founder Gabe Newell earlier today indicates that the hackers got more than just some forum information.

Newell's message reveals that a backup file containing Steam's transaction history from 2004 to 2008 was also stolen. This transaction record includes Steam usernames, and encrypted billing addresses and credit card information. Passwords were not included in the stolen backup file.

While this new information is cause for concern, you don't have to call up your bank in a fit just yet. Valve does not have any evidence that the encryption used on your billing information has been broken. It's still a good idea to keep an eye out for unusual activity in your credit card statement, just in case.

Finally, I want to stress that this is further information about November's compromise. This is not a new event. If you changed your password back in November, use Steam guard (e-mail authentication when you log into steam from a new IP address), and haven't noticed any unusual activity on your credit card, there is no need for any further action.