On the morning of the 7th of November, we reported on a network intrusion that had taken place in the Steam User Forums. Details remained sketchy, but the forums had been defaced and we could only assume that the hackers had gained access to forum users’ account information. At the time, we believed the situation couldn’t get much worse. But the forums have been down for 4 days now – could the situation be worse than we believed?
As it turns out, it may be. The following is a message from Gabe Newell himself regarding the intrusion, which, apparently, was not limited to the Steam Forums. This message is currently being IM’d to the entire Steam user base, it will appear in your Update News, and it can also be found on the Forums themselves.
Dear Steam Users and Steam Forum Users,
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
Well… that’s that. Let’s hope everything works out just fine, and that Valve tracks down and brings to justice those responsible for the attack.
18 Responses to “A Message From Gabe Newell Regarding the Steam User Forum Intrusion”
If were lucky guys we may have Half-Life 3 leaked like it did with Half-Life 2.
Steam Guard exists for a reason. This really isn’t that big of a deal.
Yeah? How exactly is steam guard going to protect my CC?
All of the info is encrypted like a motherfucker?
Wow. I never thought that Valve would ever be hacked, mostly because they don’t deserve it really. If I could suggest a suspect, it would be Anonymous that could have done it. They are the ones that are capable of doing these massive takedowns, just like they did to PSN. Anonymous usually has a reason for hacking corporations like Valve. Maybe Valve should check Anonymous’s website for anything suspicous. The next time I’m on, I’m changing my password.
I kind of doubt it was Anonymous. Call it a hunch.
Anonymous always try to make a big deal of what they do. And it looks like the guys who hacked Valve just wanted to get their job done.
If it was anonymous all they would do is try to DDoS the servers where Steam Store, Community and User Forums are hosted on and then have a 12 year old make a threatening video using a text-to-speech program saying a lot of nonsense.
These were spammers, not an organized group like Anonymous or LulzSec.
I hope those hackers get caught, and get what they deserve. I have absolutely no sympathy for people who purposely crash websites for their enjoyment, and steal other people’s personal information.
Agreed!
You’d think after psn got hacked all these online gaming stores would beef up their security. Ofcourse the asshole should say sorry for not protecting peoples privacy better.
How do you know they did not have the best security possible for them?
CC data was encrypted, passwords were salted and hashed, its more or less as secure as it can be.
Now it’s time for Steam Guard to hold it’s promises.
I don’t think it’s right that Gabe said sorry at the end
It’s not his fault really.
People have entrusted their personal information to his company and whatever happens to it is his/Valve’s fault automatically. Even if Valve did all they could to protect it, if it’s stolen, he does have to say sorry.
And even if he doesn’t have to be sorry, that doesn’t mean that he isn’t.