Following last Sunday’s attack on the Steam forums it has been confirmed that the intrusion might have compromised more data than initially thought.
Valve boss Gabe Newell confirmed that an investigation of the security breach revealed that the hackers also managed to access a Steam database which contained usernames, games purchased, email addresses, hashed and salted passwords, billing addresses and encrypted credit card information.
“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” said Mr Newell in a statement on the Steam forums. “We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”
The Steam forums are currently offline following the breach, which saw the forums defaced and a few accounts compromised. All users will be forced to change their forum passwords when they next attempt to login.
Steam accounts are separate from Steam forum accounts and are not believed to be compromised at this time. As such, no mandatory password reset will be enforced for Steam accounts. However, it is not a bad idea to change your password, especially if your Steam account password is the same as your Steam forum password.
The full statement from Gabe Newell can be read here.
Comments