Valve’s Steam Gaming Cloud Cracks Under Hacking Pressure
It’s another gaming cloud security breach, as Valve’s Steam platform fell victim to hackers who defaced their forums and stole a user database — potentially, but not definitely, gaining access to personal information including credit card numbers.
Now, this isn’t nearly as catastrophic as the hack attack that took down the Sony PlayStation Network cloud for months. Here’s an excerpt from the letter from Valve co-founder and Managing Director Gabe Newell (credited in the letter simply as “Gabe”) that Steam is displaying to all users on login (including yours truly):
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
Unlike Sony, which simply toed the line that it “didn’t know” if credit card information had leaked from the PlayStation Network (when, in fact, it had), Valve is being forthright about the data it has. Newell noted it’s likely not necessary for users to change their Steam password given that there was no sign hackers had cracked the encryption, but it might be a good idea anyway. Much like Gmail, Steam offers two-factor authentication, and that might also be a good idea for those affected to enable.
Newell’s letter closed with a mea culpa: “I am truly sorry this happened, and I apologize for the inconvenience.”
But in the meanwhile, it’s takeaway lesson time: If you haven’t recently, check on the security of your cloud. You may be glad you did.