If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Steam forums and database hacked

Valve admits extent of attack 5 days after event

Valve has issued a statement detailing a hacking attempt which took down the Steam forums last week, but also penetrated the defences of a database holding passwords, plus billing, purchase, address and credit card information.

Passwords and credit card information was encrypted and Valve says that no evidence has come to light so far of any theft or misuse of details.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked," read a statement sent to Steam users by Valve boss Gabe Newell.

"We are still investigating."

No indication was given of how many accounts were breached.

"We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

"While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

"We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password."

Whilst the attack itself is perhaps an understandable and difficult to prevent danger, the delay in informing customers of the breach is likely to raise some eyebrows, especially given the ire which Sony attracted by staging a similar delay after the PSN security breach this year.

The first indication that the company had suffered some sort of attack was when the Steam forums dropped on Sunday, 6 November. Several users were then sent emails from a group identifying itself as "fkn0wned".

"Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks," read the mail.

"Along with hacks, we've also got some general discussion sections, hacking tutorials and tools, porn, free giveaways and much more. This site has been conditioned to meet all your needs in terms of resources so be sure to take a look and tell us what you think.

"Thanks again, the fkn0wned team."

This is the first public statement which Valve has made on the issue.

Related topics
Author
Dan Pearson avatar

Dan Pearson

Contributor

Comments