Valve admits forum hack exposed gamers' privates

Punters steamed about sensitive data leak


Steam, the online platform of video game firm Valve Corporation, has admitted that customer personal details including encrypted credit card information might have been exposed by a hack attack last weekend.

The hack led to the creation of a new "promoted" discussion thread on the Steampowered forum, ostensibly promoting a site offering gaming cracks. In addition, some users began receiving spam promoting the same site.

The Steampowered site was suspended, initially without explanation. However, in an updated message posted on Thursday (below), forum administrators admitted the site had been hacked and that the collateral damage caused extends well beyond that caused by a simple defacement.

Back-end databases – holding sensitive data including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information – were also breached. Users are advised to change their passwords and to keep a close eye on their bank statement, in case crooks manage to use the stolen data to commit fraud or perhaps to run identity theft scams.

Dear Steam Users and Steam Forum Users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they log in. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

News of the breach coincides with the release of Skyrim, the fifth game in Bethesda Software's popular Elder Scrolls series; unlocking the game and playing it online required access to Steam's online services.

Steam's game servers were taken offline, as a precaution, following the breach on its forums but they were back online in time for the Friday launch of the game, avoiding the need to delay the launch, as net security Sophos reports.

More than 1,400 games are available through Steam, which has an estimated 35 million active user accounts. How many of these accounts also use the Steampowered forums affected by the breach is unclear, but the figure probably runs comfortably into the millions.

Paul Ducklin of Sophos has some pointers for gamers on precautions to take following the Steam breach, the latest attack on only gaming firms over recent months, here.

The most notorious incidents in an annus horribilis for gaming firms was the April hack on the PlayStation Network, which exposed the private data of millions, leading to the network's weeks-long suspension. Victims of lesser attacks have included Nintendo, Bethesda and Sega, among others. ®


Other stories you might like

  • DataStax launches streaming data platform with backward support for JMS
    Or move to Apache Puslar for efficiency gains, says NoSQL vendor

    DataStax, the database company built around open-source wide-column Apache Cassandra, has launched a streaming platform as a service with backwards compatibility for messaging standards JMS, MQ, and Kafka.

    The fully managed messaging and event streaming service, based on open-source Apache Pulsar, is a streaming technology built for the requirements of high-scale, real-time applications.

    But DataStax wanted to help customers get data from their existing messaging platforms, as well as those who migrate to Pulsar, said Chris Latimer, vice president of product management.

    Continue reading
  • Infor to stop developing on-prem software for IBM iSeries
    ERP vendor had promised containerized options, but looks set to focus on the cloud

    ERP vendor Infor is to end development of on-premises and containerized versions of its core product for customers running on IBM iSeries mid-range systems.

    Born from a cross-breeding of ERP stalwarts Baan and Lawson, Infor was developing an on-premises containerized version of M3, dubbed CM3, to help ease migration for IBM hardware customers and offer them options other than lifting and shifting to the cloud.

    Infor said it would continue to run the database component on IBM i (Power and I operating system, formerly known as iSeries) while supporting the application component of the product in a Linux or Windows container on Kubernetes.

    Continue reading
  • Intel demos multi-wavelength laser array integrated on silicon wafer
    Next stop – on-chip optical interconnects? Plus it's built with 300mm tech, meaning potential volume production

    Intel is claiming a significant advancement in its photonics research with an eight-wavelength laser array that is integrated on a silicon wafer, marking another step on the road to on-chip optical interconnects.

    This development from Intel Labs will enable the production of an optical source with the required performance for future high-volume applications, the chip giant claimed. These include co-packaged optics, where the optical components are combined in the same chip package as other components such as network switch silicon, and optical interconnects between processors.

    According to Intel Labs, its demonstration laser array was built on the company's well-established 300mm wafer manufacturing technology which is already used to make optical transceivers, paving the way for high-volume manufacturing in future. The eight-wavelength array uses distributed feedback (DFB) laser diodes, which apparently refers to the use of a periodically structured element or diffraction grating inside the laser to generate a single frequency output.

    Continue reading

Biting the hand that feeds IT © 1998–2022