Steam Hacked, Valve Investigating Possible Credit Card Theft

A message sent just now from Valve Corporation head Gabe Newell says credit card numbers and other personal information were inside a database compromised during a defacement attack on the Steam forums this Sunday.

Valve is advising all of its Steam customers to keep close eye on their credit card activity, as those numbers were inside a database the hackers penetrated during the larger attack, Newell wrote. The Steam Forums are currently closed. Steam itself is operating.

"We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating," Newell wrote. "We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."

The database exposed during the attack "contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," Newell said in the statement.

The Steam Forums are currently offline as Valve continues its investigation and recovers from the attack. When the forums return, all users will be required to change their passwords. Users who used the same password on the Steam Forums as they did on other sites are advised to change those passwords as well.

"We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password." Newell wrote.

"I am truly sorry this happened, and I apologize for the inconvenience," he said.


You can contact Owen Good, the author of this post, at owen@kotaku.com. You can also find him on Twitter, Facebook, and lurking around our #tips page.