Sections

Newell confirms Steam user details taken

Statement reveals encrypted data taken in November hacking

Valve co-founder and managing director Gabe Newell has confirmed the details of last November's cyber attacks on the Steam distribution service, revealing encrypted credit card information had been compromised.

"Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008," he said.

"This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."

At this time Valve do not believe any of that information has been accessed, but advised users to be vigilant.

At the time of the hacking, Newell wrote to Steam users to say, to Valve's knowledge, no encrypted data had been taken.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked," read a statement from Newell.

In an unconnected incident, yesterday Steam was down for a full 80 minutes in a power outage, after problems at one of the company's data centres.

"Our data centre's uninterruptible power supplies experienced a power failure," reported the official support forum last night.

"The power is back on now and we're working to get service restored as quickly as possible. We apologize for any inconvenience this may have caused."

In January Valve's latest financial statements showed the service saw more than a 100 per cent increase in year-over-year unit sales for the seventh year running.

Related stories

New games on Steam in 2016 rose 40% over last year

Over 4200 games hit the store in 2016, Steam Spy says, equivalent to 38% of its lifetime total

By Matthew Handrahan

Australian Competition Commission wants to fine Valve $3m

Courts to decide how much Valve must pay over lack of refunds policy

By Christopher Dring

Latest comments (7)

John Bye Lead Designer, Future Games of London4 years ago
I appreciate it's old data and therefore hopefully less damaging, but still, it's taken them three months to find his out? When Sony took *one week* to uncover the full extent of the PSN hack there were lawsuits, congressional hearings, and a big compensation package for all registered PSN users.
0Sign inorRegisterto rate and reply
Morville O'Driscoll Blogger & Critic 4 years ago
Such is the love Valve have amongst the PC community.
0Sign inorRegisterto rate and reply
Fran Mulhern , Recruit3D4 years ago
I wonder if this explains why I got sent a new credit card recently, with a letter saying that, although no suspicious activity had been spotted on my account, my credit card company had "identified a number of accounts" at risk with their current cards. Needless to say, the card was registered on Steam.

0Sign inorRegisterto rate and reply
Show all comments (7)
Barrie Tingle Live Producer, Maxis4 years ago
Maybe someone with more knowledge can explain but why do companies keep credit card details old or new on their systems unless requested by the user?

I mean, is 3 year old credit card details of use to anyone? So why store them?
0Sign inorRegisterto rate and reply
John Tearle Founder, CEO, Flix Interactive4 years ago
Well said Barrie. Also - gotta love the line "Our data centre's uninterruptible power supplies experienced a power failure," reported the official support forum last night...
0Sign inorRegisterto rate and reply
Private Industry 4 years ago
I have the same feeling as John, Sony gets torn to pieces by everybody for taking a week and valve takes month and everything is cool.

Barrie maybe it has something to do that people click on the box to save the credit card details or that they get automaticaly saved to the account so it doesn`t always need to be added each time you want to make a transaction?

Great uninterruptible power supply :)
0Sign inorRegisterto rate and reply
gi biz ;,pgc.eu 4 years ago
Maybe because it lift the feeling of "paying": you just click, nothing practical happens, while if you had to go get your wallet and type the numbers you would think "oh my, this month I already did this three times, better wait for the next month". Marketing psychology is evil and careless of real world issues. But more than them, I blame people who fall for those tricks. Sony asked for my credit card for opening a (free) online account, so I just didn't open it. Desura asks me if I want to store my password and I can choose "no", so I use Desura.
Think if your local grocery store offered to keep a clone of your credit card, so the next time you shop you don't have to open, or even bring with you, your wallet.
0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.