Apparently not all game publishers soaked in the lessons from Sony’s Playstation Network hack last April. Valve, which runs the popular Steam PC game service, said one of its databases was compromised over the weekend. The database contained user names, hashed and salted passwords, purchase information, e-mail addresses, billing addresses and encrypted credit card information.
“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” Valve’s co-founder and managing director, Gabe Newell, said in a statement.
Still, Newell told Steam users to watch their credit card statements and activity closely.
The breach stems from an intrusion into Valve’s Steam forums. After investigating, Valve discovered that the hack went beyond the Steam forums, but there’s still no evidence of compromised information beyond a handful of forum accounts.
“We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password,” Newell said.
So, it’s a security blunder on Valve’s part, and now everyone who’s used Steam should probably change their passwords to be on the safe side. Frustrating? Sure, but at least Newell has the humility to do something that took Sony a long time to accomplish: he apologized. “I am truly sorry this happened,” Newell’s statement concludes, “and I apologize for the inconvenience.”