Steam hack exposed 2004-2008 transactions

A letter from Gabe Newell updating users on the Steam hack from last year warns that a file of transaction activity between 2004-2008 was probably obtained. Passwords weren't included, and credit card and billing information was encrypted.

13

Valve is continuing its investigation into last year's Steam hack, and has discovered that a backup file with four years of transactions was probably obtained by the hackers. A letter from Gabe Newell maintains that credit card information and passwords should be secure, but warns users to watch their credit card statements for suspicious activity.

"In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database," Newell wrote. "That is still the case.

"Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."

The company says it still doesn't have any evidence that the encrypted credit cards or billing addresses were compromised, but Newell repeats his prior advice to keep an eye on your credit cards. "And of course keeping Steam Guard on is a good idea as well," he points out. "We are still investigating and working with law enforcement authorities."

Editor-In-Chief
Filed Under
From The Chatty
  • reply
    February 10, 2012 1:15 PM

    Steve Watts posted a new article, Steam hack exposed 2004-2008 transactions.

    A letter from Gabe Newell updating users on the Steam hack from last year warns that a file of transaction activity between 2004-2008 was probably obtained. Passwords weren't included, and credit card and billing information was encrypted.

    • reply
      February 10, 2012 1:27 PM

      I don't think I've ever used anything there except for PayPal, so I guess I dodged that bullet.

      • reply
        February 10, 2012 1:39 PM

        I thought they were saying that Credit Card information wasn't compromised by stuff like E-mails where.

        • reply
          February 10, 2012 1:41 PM

          And just keep and eye on the credit card activity. Probably wouldn't hurt to keep an eye on the Paypal activity.

          • reply
            February 10, 2012 1:51 PM

            Well the stuff's encrypted, but that doesn't mean much these days lol.

            • reply
              February 10, 2012 4:22 PM

              Yes, it does - cracking any reasonable comercial encryption (hell, even free encryption solution) is wayyyyyy beyond mean of anyone except maybe NSA.

              • reply
                February 11, 2012 2:47 AM

                BS. It depends on the timeframe and it is well known that more organizations than the NSA has the same kind of processing power. But I guess you're American. "The world" is much smaller to you than the rest of us. :)

                • reply
                  February 11, 2012 4:39 AM

                  No, I am not american.

                  Yes, it depend on timeframe - but nobody will care if someone can decrypt it in 35543134641314 years.

                  No, nobody has anywhere even close to what computing power has NSA available - check list of top 500 supercomputers - anything owned by US government is available to NSA if they really want.

      • reply
        February 10, 2012 2:35 PM

        Yup. Never give any of these online platforms, even Steam but especially Xbox Live, your credit card info unless you must. Paypal is a good middle man and layer of insulation even if it is an additional login hassle during the checkout process.

        • reply
          February 11, 2012 3:29 AM

          Cause Paypal will never get hacked.

          • reply
            February 11, 2012 3:54 AM

            well it hasn't been hacked yet has it? I would say it's pretty secure.

            Oh wait, you're just a troll

      • reply
        February 11, 2012 12:30 PM

        I generally use a reloadable card for my online purchases.

    • reply
      February 10, 2012 2:33 PM

      [deleted]

    • reply
      February 10, 2012 3:08 PM

      Nice of them to keep us apprised of what's going on.

      Sup Microsoft?

    • reply
      February 10, 2012 3:55 PM

      Valve, please encrypt your backups from now on.

      • reply
        February 10, 2012 4:04 PM

        The passwords weren't stored in the backup and the credit card numbers were encrypted. It is still a breach but could have been worse.

        I am not so much worried about incidents like that get publicized but the thousands that happen that we never even hear about. Disclosure is key as it allows you to plan your online security.

        • reply
          February 10, 2012 4:40 PM

          And that's where Sony went wrong. They didn't encrypt anything. The bigger part the perception. I still view Sony as being arrogant about the entire issue. My view of Valve is that they fully understand the gravity of these things and I believe they really do think these things through (you, back when they were first building out Steam).

    • reply
      February 10, 2012 6:22 PM

      my first Steam purchase was in 2009, dodged another!

    • reply
      February 11, 2012 3:47 AM

      Go ahead and steal my credit card. Congrats, you're $500 in the hole.

    • reply
      February 11, 2012 4:19 AM

      The credit card I had there already expired so I'm safe, or it doesn't matter?

      • reply
        February 11, 2012 11:24 AM

        As long as the Expiration Date and/or the Security Code has changed, you're safe.

Hello, Meet Lola