Valve has issued a statement on the hacking of Steam’s user forums, which includes details of further intrusion. The forums have been down since 6 November as a precautionary measure, following an attack made on that day which “defaced” them.
A message from Gabe Newell says that “We [have] learned that intruders obtained access to a Steam database in addition to the forums”.
What, exactly, does a database breach entail?
Newell explains: “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked,” but adds “We are still investigating”
As a result, Valve will force a change of password on the Steam user forums (an account separate from a Steam purchasing account) next time a person logs in. At the present time no change of password is being forced for those latter accounts, as Valve has no evidence of credit cards being compromised.
However, “it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password”.
I’ve just updated mine. Why not join me in doing so.