What We Know About the Steam Hack and What You Should Do

Image for article titled What We Know About the Steam Hack and What You Should Do

Today Valve told us that their cloud-based Steam service has been compromised, and that users' personal information and credit card information could be at risk.


Here are some common questions we've been getting, and the best answers we can provide given what we know. We are monitoring the situation and have reached out to Valve for more information. We'll update as we learn more.

Wait, Valve Was Hacked?

Steam, specifically. Here's what we know.

Is my credit card compromised?

Valve isn't sure. According to the email we received, the hackers gained access to a database that included user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and yes, encrypted credit card information.

Valve does not have evidence that the encrypted credit card numbers or personal information were actually taken by intruders, nor that the intruders have the means to crack the encryption. Valve reports that they don't have any evidence of credit card misuse at this time and are "still investigating."

When did Valve know about this?

Valve started investigating after their forums were defaced this past Sunday, November 6th. It's unclear when exactly they realized that the intruders had also gained access to a Steam database.


Who is responsible?

No one knows, and no one has claimed responsibility. It is suspected that a site called Fkn0wned.com had something to do with Sunday's forum defacement.


Should I change my Steam Password?

It couldn't hurt, might as well take this opportunity to change your Steam password. It's really simple—on PC, open Steam and go to "Settings" in the "Steam" menu up top (It's called "Preferences" on Mac). Your account information can be easily changed under the "Accounts" tab.


Should I reset all of my passwords?

This also couldn't hurt, though it's time consuming. An easy way around this (since surely this won't be the last time one of your services gets hacked) is to get a program like 1Password or lastpass and use those to regularly change all of your passwords.


How can I reset which computers can access my Steam account?

Similar to changing your password, go into the "Settings" menu ("Preferences" on Mac) and access the "Accounts" tab. Click "Manage Steam Guard Account Security" and select the option to deauthorize all computers now. Then, reauthorize your computers one by one.


Are we gonna get free games because of this?

Well, there's usually some sort of "make good" after this kind of thing happens. Sony gave away a few games after they got hacked, so it stands to reason that Valve will do something similar. That or just give everyone some rad hats.


Who cares about my credit cards and passwords. Will Skyrim still unlock tonight?

Though the Steam forums are down, Steam itself is still working fine for all of us. So, you can relax: we don't anticipate a problem with Skyrim's launch.


You can contact Kirk Hamilton, the author of this post, at kirk@kotaku.com. You can also find him on Twitter, Facebook, and lurking around our #tips page.



I don't get it. Why?! Sony and Valve are the good guys. I get that they were pissed about linux on the PS3 and whatnot, but Valve only makes amazing games and provides a great service. I would think hacker computer nerds would know this. Can't they use their abilities to hack something worth while? Like terrorist organizations or Microsoft? (just kidding)