Earlier this week, it was announced on SiliconANGLE that Valve’s Steam forums had been defaced and the user database behind them had been stolen; now, it looks like it’s spread further than that and the customer database behind the Steam service itself had been compromised.
A message sent by the head of Valve, Gabe Newell, warned all users to change their passwords and to watch their credit card statements as the database of customer information appeared to have been stolen by the attackers.
“We learned that intruders obtained access to a Steam database in addition to the forums,” wrote Newell in a message displayed on the Steam forums. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.”
It’s still suggested that people might change their Steam service passwords now, just in case, and make certain they’re running two-factor authentication.
Steam has over 35 million users, making this a breach affecting a little less than half of those number of customers hit in Sony’s PlayStation Network breach. Fortunately, Steam hasn’t cut off all access to players suddenly and without warning (and for a month.)