Valve warning after Steam user database hacked
Millions potentially compromised after gaming system torn open
By John E Dunn | Techworld | Published: 14:45, 14 November 2011
The apparently low-key attack on Valve’s Steam gaming distribution network reported last week has turned out to be much more serious with attackers breaking into its user database, the company has now admitted.
First indications were that attackers had simply defaced the forum website on 6 November, causing it to be taken down as a precaution. In a disturbing echo of the major Sony hack from earlier this year, however, Valve has now admitted that the attackers also managed to hack into its 35 million-user database, a potential calamity.
Compromised data included user names, billing addresses, details of game purchases (the site is a major game ecommerce operation) and email addresses.
Related Articles on Techworld
Credit card numbers are believed to be safe although Valve has advised users – or their parents – to watch statements for fraudulent activity.
“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked” said Valve head Gabe Newell in a message to the entire community. “We are still investigating.”
The company said it would enforce a password change on all forum users with full Steam accounts being unaffected as long as users had not used the same password for both logins.
“I am truly sorry this happened, and I apologize for the inconvenience,” said Newell.
The Valve compromise is the second big attack on a gaming company this year, beaten only in size and significance by that of Sony in April. In that attack, the accounts of 77 million customers were compromised after portions of the company’s databases were stolen.
In some ways, the Valve Steam hack is more significant - the company acts a distribution hub for a large number of third-party games titles and not simply those tied to a single hardware platform.
Comments
Matt Peachey, Veracode said: Breaches are almost expected nowadays but its how businesses cope with the fallout that is really importantIts good to see Valve responding quickly and proactively to the breach to allow consumers to react quickly Also it looks like the customer data was encrypted hopefully using a strong encryption technology The important thing for Valve now is to address the security flaw that allowed the hackers to gain access to data in the first placeWhat this incident does highlight is that these types of attacks are an ongoing problem and companies need to prepare themselvesIf an online gaming company is still having problems despite the high profile Sony amp Sega hacks earlier this year how confident are other companies that this couldnt happen to them