Friday, November 11, 2011

Steam hit by hackers

     The video game service, used by 35 million people, has been compromised by hackers.

While investigating a security breach of its discussion forums, itts owner and operator, Valve, uncovered an intrusion into a user database.

The hackers used login details from the forum hack to access a database that held ID and credit card data.

Valve said that, so far, it had no evidence that credit cards were being misused or Steam accounts abused.

The defacement took place on 6 November and the Steam forums were taken offline when Valve learned of the attack.
At first the firm said the discussion groups were offline for maintenance.
However, a message posted to the front page of the forums by Valve boss Gabe Newell on 10 November has revealed that the sites were shut down because of the defacement.
Valve's investigation of that incident revealed that the "the intrusion goes beyond the Steam forums".
The initial investigation showed that the attackers gained access to a Steam database that held "user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information".
Valve has not said whether this was the full database of Steam's 35 million active accounts or a subset of that total.
Mr Newell said Valve had no evidence that the encrypted credit card information or personal information on gamers had been taken. However, he added, "we are still investigating".
He said it had only discovered that a few forum accounts had been compromised and used to carry out the defacement.
But Mr Newell added that all forum users will be required to change their passwords when the discussion site re-opens, which the firm is trying to achieve as quickly as possible.
He advised users to change passwords on other accounts if they are the same as the one used for the Steam forums.
"I am truly sorry this happened, and I apologize for the inconvenience," concluded Mr Newell.

1 comment: