Your security, networking, programming, and application news source.
Google

Sunday, February 12, 2012

Steam Warns User's Personal Info and Credit Card Data Swiped in Last Year's Intrusion


<Steam>, the popular gaming digital rights management platform by <Valve>, pushed an update today containing an "update news" page, which warned of the discovery that personal data was stolen in last year's intrusion. Steam warned that a copy of a backup file about transactions between 2004 and 2008 may have been obtained. Steam assured that no Steam account passwords were included, but mentioned the following user data being contained in the taken data:

  • User Names
  • EMail Addresses
  • Encrypted Billing Adresses
  • Encrypted Credit Card Information



Steam Update News Text:
February 10th, 2012
Dear Steam Users and Steam Forum Users:

We continue our investigation of last year’s intrusion
with the help of outside security experts. In my last
note about this, I described how intruders had accessed
our Steam database but we found no evidence that the
intruders took information from that database. That is
still the case.

Recently we learned that it is probable that the
intruders obtained a copy of a backup file with 
information about Steam transactions between 2004 and
2008. This backup file contained user names, email
addresses, encrypted billing addresses and encrypted
credit card information. It did not include Steam
passwords.

We do not have any evidence that the encrypted credit
card numbers or billing addresses have been compromised.
However as I said in November it’s a good idea to watch
your credit card activity and statements. And of course
keeping Steam Guard on is a good idea as well.

We are still investigating and working with law
enforcement authorities. Some state laws require a more
formal notice of this incident so some of you will get
that notice, but we wanted to update everyone with this
new information now.

Gabe