Your login information returned multiple users. Please select the user you would like to log in as and re-type in your password.
We've had to do this so many time this year that by now the entire thing feels routine. That's right. Boot up steam, delete your credit card information and change your password. Yeah...I know you know.
There had been some rumors floating about that the Steam forums been hacked sometime last week. Today, Valve's Gabe Newell confirmed those rumors and gave us a little more info to the intrusion. Turns out that not only were the forums compromised, but so was an additional database which would have given them acess to "user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."
This information, however, was heavily encrypted. Meaning, even if they had access to the information, there is also a very strong possibility that they were unable to crack through the encryption. Good news for all of us.
Gabe has made a full statement to the steam community, available below.
Dear Steam Users and Steam Forum Users,
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
Comments
13 years ago
My being paranoid pays off I guess. Always pay from my steam wallet, and to put funds into that I exclusively use debit cards.
Surprised this hit Steam. I've always thought of it as super secure, but I guess things happen.
I'd also like to point out what the tweet that linked to this article said:
"Steam hacked, passwords and credit card info possibly compromised by Joseph Christ "
Joseph, how could you?
13 years ago
Wow, 4Player broke this news to me before any other source - thank you for potentially saving my steam account (which I have probably dropped ~$2 000 into over the past 3 years between my account and gifts to friends.) I hope everyone else is fine, especially you guys at 4PlayerPodcast.
13 years ago
Again? cmon hackers, why?
13 years ago
They should've focused that effort into hacking Gabe's account and receiving a prize for it like he promised when the new account security stuff came out. :P
I'm not too worried about my info. Valve's always had their shit together. I guess it's time for a password change though.
13 years ago
Another smart thing to do would be to de-authorize access to your steam account to all other computers. If you run your steam on multiple machines it will mean having to re-authorize them but its a mild inconvenience that could seriously help you in the long run.
Simply got to your settings (Preferences on Mac I believe) and this function should be under the Manage Steam Guard Account Security option. While Gabe did say it is unclear if actual Steam client accounts were compromised, it Is much better to be safe than sorry.
13 years ago
And this is why i dont have a PS3
13 years ago
thank god that they shut down the forums and left a message as fast as they did. Im also glad that the encryption is really hard and that client and forum are different.
just in case tho i changed my client password and will do the same once forum goes back up. I'm glad everything u do on steam is tied to your email for confirmation.....
13 years ago
Two words: Steam Guard.
Thank you Gabe and Valve for actually giving a shit about your customers.
13 years ago
Ugh, this is a damn shame.
13 years ago
I'm glad the guys here about 4PP care about this, I remember seeing the letter last night after closing out of Morrowind (Which I broke while modding yay!). I have as well spent a lot of money on my Steam account and really do not want to ever feel it may be "compromised'. I'm surprised these hacks have not gotten Microsoft yet.
13 years ago
I guess being paranoid does pay off sometimes, thanks for bringing this to light.
13 years ago
Thanks for letting does who don't go to Steam Forums or visit other video game blogs/news sites know Joseph!
Changed my Steam password and unauthorized my steam account for other computers (like Dimensaur said above) just in case they get their filthy hands on the gold (e.g. Steam client stuff).
13 years ago
Damn, that sucks. I know we've got a lot of Steam users around these parts, and I know how much the PSN hack sucked.
Sorry to hear about this, guys. Glad to see this announcement was as quick as it was.
13 years ago
*Was having a bad day, decided to go on Steam...* ...WELL FUCK YOU TOO, UNIVERSE.
13 years ago
Oh sheeeeeeeeeeeeeeeeeeeeet!
13 years ago
This is all rather unfortunate, but my mom and I keep very close eyes on our payment history in case stuff like this happens. I also changed my Steam account password just to be safe.
This is also another reason I always uncheck options such as "Would you like us to store your credit card information for quicker purchases in the future?"
13 years ago
Just more proof that there really does need to be an Internet police.
13 years ago
Thank God for Steam Guard! I knew that thing would come in handy one day!
13 years ago
I just found out my credit card was closed because Steam must have sent out to certain banks the accouts and credit card numbers that may have been breached. Mine was one of them and my bank immediately froze my account. Fast work on Steams part, they must have sent that information out like the day of the hacks because I was having problems getting into my account that same day. So good job Steam for acting so fast, because had someone actually got in account I would have been screwed.
13 years ago
meh, at this point all these security breaches dont even bother me anymore but at least valve was somewhat prepared for this so im not to worried