Valve confirms Steam security breach
Personal info, encrypted credit card details compromised.
Valve has confirmed that users' personal information has been compromised following a Steam security breach at the weekend.
As reported earlier this week, an intrusion was detected in the Steam forums on Sunday resulting in them being temporarily shut down.
However, according to an IM from company president Gabe Newell just sent to the entire Steam user base, it now turns out that the breach goes beyond just the message boards.
"We learned that intruders obtained access to a Steam database in addition to the forums," he wrote.
"This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.
"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
"We don't have evidence of credit card misuse at this time," the note continued. "Nonetheless you should watch your credit card activity and statements closely."
Newell stated that Valve requires all users to change their forum passwords next time they log-in.
"If you have used your Steam forum password on other accounts you should change those passwords as well," he advised.
"We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password."
Valve aims to reopen the forums "as soon as we can."
"I am truly sorry this happened, and I apologise for the inconvenience," Newell concluded.