Steam hacked - but they're saying no credit card info was taken

11 November 2011

steam-logo If you’re a user of the popular online gaming emporium Steam, you might have had a funny feeling over the past 24 hours, a feeling that you were being violated. That’s because you were – the company has fallen victim to a security breach or ‘hack’ as it is often more vulgarly known.

A Steam investigation has revealed that the hackers got their greasy cyberpaws on a database containing “user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.” So it could have been worse, but then again, it could have not happened at all, and that would have been better.

Steam say that they do not believe that any personally identifiable was snaffled by the digital bandits and that no dodgy credit card transactions have taken place. However, if you’re a Steam user, you’re advised to change your password as soon as possible. Just don’t tell us what it is.

Here’s the email that Steam have sent out to their members…

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.


TOPICS:   Privacy   Technology


  • Brizoh
    If I can't play L4D later, or if my account gets suspended because some scrote has stolen my key I won't be a happy chappy...
  • Misterel
    They've put the message you quote on the "announcements" popup in the steam client ( usually used to let you know what is on sale) - I don't think Steam have sent emails on this yet...
  • Mike H.
    Dear Bitter Wallet user and Bitter Wallet non-users and people what have never head of Bitter Wallet. Our blog was hacked sometime last week, we can't remember when , we were all too pissed to notice. Non of your accounts and stuff were salted or whatever. Please send us your credit card details email addresses and mothers maiden name so we can see if your credit cards have been compromised and stuff. We're not particulalry bothered this has happened what like Gabe was cos he makes a shit load of cash and stuff. Ta Bitter Wallet
  • Get h.
    We're a bunch of volunteers and opening a brand new scheme in our community. Your website provided us with valuable info to work on. You have done an impressive task and our entire group will be thankful to you.

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment