Steam Forums & Database Compromised

Valve has reported that their Steam cloud network gaming service forums were defaced on Sunday, November 6th.  As they  investigated the annoying defacement incident, they found that the intrusion went beyond just the Steam support and social networking forums.

Steam is a gaming service that lets people buy, download, play, and chat about a variety of games, some made by Valve, others by other authors.  About 1,500 titles are currently available on Steam including Modern Warfare 3, Skyrim, as well as many “indie” and free games.  Steam claims to have over 35 million active accounts.

Intruders gained access to at least one of Valve’s Steam Network databases in addition to the forums.  This database contains customer information, including user names, hashed and salted passwords, game purchase records, email addresses, billing addresses, and credit card information.  The credit card information was reportedly encrypted, and there is no evidence so far that any of the information was taken by the intruders, or that the protection on credit card numbers or passwords has been cracked.  Valve is still investigating the incident.

Although Valve does not report evidence of credit card misuse at this time, they are warning customers to watch their credit card activity and statements closely.  It’s probably a good idea for all Steam Network customers to change their Steam account passwords and any passwords elsewhere that are the same.  To change your Steam password, access Settings from the Steam menu within the client software.