Steam Hacked, Valve Investigating Possible Credit Card Theft
A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were inside a database compromised during a defacement attack on the Steam forums this Sunday.
Valve is advising all of its Steam customers to keep close eye on their credit card activity, as those numbers were inside a database the hackers penetrated during the larger attack, Newell wrote. The Steam Forums are currently closed. Steam itself is operating.
"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Newell wrote. "We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."
The database exposed during the attack "contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," Newell said in the statement.
The Steam Forums are currently offline as Valve continues its investigation and recovers from the attack. When the forums return, all users will be required to change their passwords. Users who used the same password on the Steam Forums as they did on other sites are advised to change those passwords as well.
"We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password." Newell wrote.
"I am truly sorry this happened, and I apologize for the inconvenience," he said.
anyone with a STEAM ACCOUNT!
What We Know About the Steam Hack and What You Should Do
Today Valve told us that their cloud-based Steam service has been compromised, and that users' personal information and credit card information could be at risk.
Here are some common questions we've been getting, and the best answers we can provide given what we know. We are monitoring the situation and have reached out to Valve for more information. We'll update as we learn more.
Wait, Valve Was Hacked?
Steam, specifically. Here's what we know.
Is my credit card compromised?
Valve isn't sure. According to the email we received, the hackers gained access to a database that included user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and yes, encrypted credit card information.
Valve does not have evidence that the encrypted credit card numbers or personal information were actually taken by intruders, nor that the intruders have the means to crack the encryption. Valve reports that they don't have any evidence of credit card misuse at this time and are "still investigating."
When did Valve know about this?
Valve started investigating after their forums were defaced this past Sunday, November 6th. It's unclear when exactly they realized that the intruders had also gained access to a Steam database.
Who is responsible?
No one knows, and no one has claimed responsibility. It is suspected that a site called Fkn0wned.com had something to do with Sunday's forum defacement.
Should I change my Steam Password?
It couldn't hurt, might as well take this opportunity to change your Steam password. It's really simple—on PC, open Steam and go to "Settings" in the "Steam" menu up top (It's called "Preferences" on Mac). Your account information can be easily changed under the "Accounts" tab.
Should I reset all of my passwords?
This also couldn't hurt, though it's time consuming. An easy way around this (since surely this won't be the last time one of your services gets hacked) is to get a program like 1Password or lastpass and use those to regularly change all of your passwords.
How can I reset which computers can access my Steam account?
Similar to changing your password, go into the "Settings" menu ("Preferences" on Mac) and access the "Accounts" tab. Click "Manage Steam Guard Account Security" and select the option to deauthorize all computers now. Then, reauthorize your computers one by one.
Are we gonna get free games because of this?
Well, there's usually some sort of "make good" after this kind of thing happens. Sony gave away a few games after they got hacked, so it stands to reason that Valve will do something similar. That or just give everyone some rad hats.
Who cares about my credit cards and passwords. Will Skyrim still unlock tonight?
Though the Steam forums are down, Steam itself is still working fine for all of us. So, you can relax: we don't anticipate a problem with Skyrim's launch.
Today Valve told us that their cloud-based Steam service has been compromised, and that users' personal information and credit card information could be at risk.
Here are some common questions we've been getting, and the best answers we can provide given what we know. We are monitoring the situation and have reached out to Valve for more information. We'll update as we learn more.
Wait, Valve Was Hacked?
Steam, specifically. Here's what we know.
Is my credit card compromised?
Valve isn't sure. According to the email we received, the hackers gained access to a database that included user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and yes, encrypted credit card information.
Valve does not have evidence that the encrypted credit card numbers or personal information were actually taken by intruders, nor that the intruders have the means to crack the encryption. Valve reports that they don't have any evidence of credit card misuse at this time and are "still investigating."
When did Valve know about this?
Valve started investigating after their forums were defaced this past Sunday, November 6th. It's unclear when exactly they realized that the intruders had also gained access to a Steam database.
Who is responsible?
No one knows, and no one has claimed responsibility. It is suspected that a site called Fkn0wned.com had something to do with Sunday's forum defacement.
Should I change my Steam Password?
It couldn't hurt, might as well take this opportunity to change your Steam password. It's really simple—on PC, open Steam and go to "Settings" in the "Steam" menu up top (It's called "Preferences" on Mac). Your account information can be easily changed under the "Accounts" tab.
Should I reset all of my passwords?
This also couldn't hurt, though it's time consuming. An easy way around this (since surely this won't be the last time one of your services gets hacked) is to get a program like 1Password or lastpass and use those to regularly change all of your passwords.
How can I reset which computers can access my Steam account?
Similar to changing your password, go into the "Settings" menu ("Preferences" on Mac) and access the "Accounts" tab. Click "Manage Steam Guard Account Security" and select the option to deauthorize all computers now. Then, reauthorize your computers one by one.
Are we gonna get free games because of this?
Well, there's usually some sort of "make good" after this kind of thing happens. Sony gave away a few games after they got hacked, so it stands to reason that Valve will do something similar. That or just give everyone some rad hats.
Who cares about my credit cards and passwords. Will Skyrim still unlock tonight?
Though the Steam forums are down, Steam itself is still working fine for all of us. So, you can relax: we don't anticipate a problem with Skyrim's launch.
-
{ESC}Bunny
- Server Admin
- Posts: 1406
- Joined: Sun Nov 29, 2009 11:07 pm
- Location: Brooklyn, New York
times like these make me think back to the good ol days...when you just went out bought a plastic cartridge for 24 bucks, plug it in the box and started gaming without a care in the world.
Venmo Donate
Cheaters Beware
