Valve Says Hackers Probably Nabbed Transaction Data

In November, online game distributor Valve revealed that hackers breached the system. In a recent follow-up statement, Valve CEO Gabe Newell says hackers probably got a hold of transaction data, which includes encrypted credit card info and billing addresses, as well as user names and email addresses.

Here’s an excerpt from the statement, published by Kotaku:

In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

Newell says Valve is continuing to investigate and assisting authorities as they look into the matter. Although Valve doesn’t believe passwords have been compromised, it can’t hurt to change your Steam password, as well as any other sites on which you used the old password.

Valve: It’s ‘Probable’ That Hackers Obtained Old Steam Transaction Data [Kotaku]


Edit Your Comment

  1. BobOki says:

    I guess this is why servers went down last night for hours?
    It’s ok Valve. I have faith you will do whatever is right to fix this, you have not let me down yet.

    • deezil says:

      Nope, last night was caused by a power outage at their server farm. A UPS failed, causing everything to head south faster than a flock of geese.

      • DarthCoven says:

        You missed a prime opportunity to make a “went down faster than your mom” joke there.

        • Dr. Ned - This underwear is Sofa King Comfortable! says:

          It’s Monday, everyone needs a free pass for missed cleverness opportunities.

      • BobOki says:

        Are you trying to tell me vavle server farm was on a single UPS? What is that thing, the size a of building? Datacenters have generator backup which kicks on seconds after power failure. UPS is sized to last only a few minutes to hold over till generator is on. A single UPS failure would not bring down an entire center, that would be crazy. I find it hard to belive that Vavlue would engineer thier systems in such as way as to exploit a single point of failure.

  2. deathbecomesme says:

    Atleast the first post wasn’t about Whitney.

  3. jrwn says:

    I’m glad they only got usernames/email address/ billing address/ CC info and not the Steam password!!!

    • Mr. Fix-It says: "Canadian Bacon is best bacon!" says:

      Remember that the Credit Card info is still encrypted… It’s theoretically possible for a hacker to break that encryption (you make a better mousetrap, someone breeds a better mouse) but incredibly unlikely.

    • Oranges w/ Cheese says:

      And also, most credit cards expire 2 – 3 years after issue. In most cases considering the age of the data I would think that you’re out of the woods.

  4. Jeff asks: "WTF could you possibly have been thinking? says:

    I had to check right away when I got that message last night. It was nice to see “There is no stored credit card information associated with your Steam account”. I’ll probably get beat up for this, but, I’m glad I used Paypal for my Steam account.

    • Mr. Fix-It says: "Canadian Bacon is best bacon!" says:

      I use Paypal, but very conservatively. I only put as much money on my Paypal as I’m going to immediately use after the transfer clears, and that’s only if the vendors don’t accept “Instant E-Cheques”. I never leave money sitting in the account, and I don’t conduct any other kinds of business with it.

  5. dolemite says:

    I wonder if this is why I got a new CC in the mail stating a 3rd party had been compromised.

  6. RiverStyX says:

    First with Zappos, now this. Again with why my passwords are random gibberish. I never keep a universal password, and I never use a password hint option..If they find one password that would also control other accounts, game over.

  7. LizziePoo says:

    I’m just happy Consumerist attached a picture of an actual valve to this article. Hilarious!

  8. kornkid42 says:

    WTF, this the the first I’ve heard of it. They never sent me anything letting me know.

    • Jawaka says:

      I received an email. Check your spam folders. Also, the news was on the first thing that loaded up on Steam when you started the Steam app or any Steam based game. It was a big windows (where they’d normally advertise specials) that you’d have to manually close.

  9. Kuri says:

    This might explain why my bank thought my debit card was compromised.