Slashdot Mirror

← Back to Stories (view on slashdot.org)

Valve Announces Massive Steam Server Intrusion

Posted by samzenpus on from the save-my-game dept.

SKYMTL writes "Valve has revealed that hackers have gained access to the Steam database and have pulled a variety of information. A statement from Gabe Newell reads in part: 'Dear Steam Users and Steam Forum Users, Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums. We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating. We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely."

8 of 434 comments (clear)

  1. Proper back end hashing and encryption? by Anonymous Coward · · Score: 5, Insightful

    Awesome. Sounds like they were doing things right.

    1. Re:Proper back end hashing and encryption? by muon-catalyzed · · Score: 5, Insightful

      ..until some external auditor confirms this better start the identity theft ritual (credit cards pull etc.)

  2. Way to keep us informed? by feidaykin · · Score: 5, Insightful

    Funny that I had to read about this on Slashdot. You think they could send out a mass email to everyone with a Steam account, especially when credit card numbers are involved (even if they're encrypted). I hate inbox clutter as much as the next guy, but Gabe himself says to watch your credit cards for suspicious activity (which is never a bad idea), but how are Steam users supposed to know to do so if we don't read the Steam forums, or read Slashdot? Seems like they kinda dropped the ball on the whole communication thing here...

    --

    "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

  3. Re:Hilarity by Anonymous Coward · · Score: 5, Insightful

    The difference is in part due to how the attacks were handled by the respective companies, and in part due to the fact that Sony is run by gigantic cocks while Valve isn't.

  4. Re:Hilarity by ewanm89 · · Score: 5, Insightful

    Shall we go into how they fired their whole network security team the week before, or the fact the attacks on Sony were orchestrated as a retaliatory strike on them for certain lawsuits (I'm not saying it's right) just there were lots more factors to those specific attacks than just "we were hacked".

  5. Re:DRM rocks! by Spad · · Score: 5, Insightful

    As opposed to Xbox Live? GFWL? The Rockstar Social Club? Origin? Any MMO ever? Any website you've ever purchased anything from? etc.

    Let's face it, there's no shortage of places that have some, part or all of your personal information these days; Steam is just one of many.

  6. Re:Hey gabe by Mashiki · · Score: 5, Insightful

    Even after this, I still trust Valve more than I trust EA. Hell Valve could kill kittens and use their blood to fuel their servers, and I'd still trust them more than EA. One only needs to look into the past and see how much EA has treated not only their customers as dirt, but their employees.

    --
    Om, nomnomnom...
  7. Re:Hilarity by Charliemopps · · Score: 5, Insightful

    It's amazing what being generally nice to your customers, delivering what you promise and not trying to ass-rape them at every turn can get you when you finally do screw up isn't it?