Saturday, November 12, 2011

Steam’s 35 Million Users Compromised in Hack

Gamers who use the digital distribution network Steam were warned that their account information may have been exposed to hackers following a compromise of the company's Web page and back end databases.  The incident yielded a slew of sensitive customer information, including user’s passwords and encrypted credit card numbers, Steam said.

The warning came after an investigation of a Web site defacement  that affected Steam's forums on November 6th. Hackers were able to bypass the message boards and access the site’s database, according to a message sent to the site’s users last night by Steam co-founder Gabe Newell.
The database contained customer’s user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card numbers, according to the note.

Newell urged users to keep tabs on their credit card activity and their account statements, but said that there’s no proof attackers took any sensitive information, as a precaution. 

As a result of the hack, all forum users will be required to change their passwords upon logging in, while regular users of Steam are being encouraged to do the same, especially if they use the same password on both accounts.

While it remains to be seen how much personal information was actually swiped from Steam’s database and how well certain passwords and credit card numbers were encrypted, it of course recalls Playstation Network’s mammoth breach from earlier this year.

When hackers made off with the information of more than 77 million members of the video gaming platform worldwide in April, it left the network reeling to cover its tracks and make good on security after a series of embarrassing missteps.