Steam Hackers "Probably" Got Credit Card Info

[Andy Chalk]

Steam Hackers "Probably" Got Credit Card Info

Valve boss Gabe Newell says hackers who broke into Steam last year probably made off with an old backup file containing user names, email addresses and encrypted credit card information.

In November 2011, Steam became the latest victim in a string of attacks against game-related websites, as hackers worse than originally thought [http://www.escapistmagazine.com/news/view/114062-Hackers-Hit-Steam-Forums], as the hackers had also gained access to a Steam database containing user information including "hashed and salted passwords" and encrypted credit card info. On the upside, Newell said at the time that "we do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders," and that it would continue to investigate.

Valve now says that the intruders very likely did get away with credit card data, although at this point it appears that the stolen information is old - hopefully too old to be of any value. "Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008," Newell said in the latest update on the situation. "This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords."

"We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised," he continued. "However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well."

Valve is continuing its investigation in conjunction with law enforcement authorities.


Permalink

 

[Tony2077]

doesn't affect me since i started buying stuff from them last year

 

[Waaghpowa]

Not concerned at all. Even if something does happen regarding my credit card, my card company will lock it and wait till I can verify.

 

[TimeLord]

I use PayPal for all my Steam transactions so this is not a worrying thing for me. However I can see how it can be troubling for others.

 

[DarkRyter]

They encrypt with AES256.

There's nothing to worry about.

 

[D0WNT0WN]

God Bless Paypal.

I will never have to deal with hackers and their bullshit. Now if PSN (or SEN) would implement paypal.

 

[Ragsnstitches]

God Bless Paypal.

I will never have to deal with hackers and their bullshit. Now if PSN (or SEN) would implement paypal.

Unless they hack paypal or just your paypal... I honestly don't know the likelihood of that, but anything you do on the internet is traceable and potentially stealable too. I still remember when Amazon was hacked years ago. The net is far from perfect when securing credentials.

 

[LetalisK]

And yet neither Steam nor Microsoft, who had a similar issue, will get 1/10th the shitstorm Sony got. Why? Because Sony is PR retarded.

 

[Rad Party God]

Definitively not concerned, as I started to buy their digital stuff a couple of years back, I also recently changed my password, so knocking on wood.

 

[gigastar]

Not really worried, my card had to be changed lately anyway for an unrelated reason.

And yet neither Steam nor Microsoft, who had a similar issue, will get 1/10th the shitstorm Sony got. Why? Because Sony is PR retarded.

Yeah, pretty much. Even if the Microsoft and Steam hacks actually turn out worse than the PSN hack niether Steam or M$ will get as much flak as Sony did.

 

[RhombusHatesYou]

They encrypt with AES256.

There's nothing to worry about.

No shit. Any half decent 256bit encryption is so time intensive to decrypt without a key that they're effectively unbreakable and AES256 (formerly 'rijndael') doesn't have any 'breaks' (mathematical shortcuts) that brings keyless decrypt time down below 'lifespan of the universe', so it's pretty much bulletproof for the time being.

The game won't change until quantum computing really gets a toe hold in the crypto game... which will take a while before it gets out of R&D stages.

 

[Something Amyss]

I find it amusing that, with such a late disclosure here, people aren't throwing a tantrum.

They encrypt with AES256.

There's nothing to worry about.

Which is why Gabe has stopped spouting prideful statements about how they couldn't possibly get the info, MIRITE?

 

[poiuppx]

The glorious irony? I changed my card after the PSN hack; as a result, this doesn't affect me.

Still, here's hoping Valve keep on top of this. Hate for this to blow up in their faces.

 

[Not G. Ivingname]

Now this is how you handle a hacker crisis, be completely open about it.

Steam may have some issues, but at least they are open with there communications.

 

[Android2137]

Oh man that sucks. I mean, not for me, since this was all waaaay before I began using Steam, but still. Oh well. At least the credit card data is so old they probably can't use it.

 

[Kapol]

And here I was mad that it took Sony a week or two to tell us our account information was 'probably' stolen. At least I've changed my information since 2008 in almost every way and didn't spend anything until 2009. Still sucks though.

 

[aegix drakan_v1legacy]

I find it amusing that, with such a late disclosure here, people aren't throwing a tantrum.

Because they ALREADY said months ago that the hackers most likely got access to the server with the credit card info and stuff.

NOW they're saying that they DID get in, and made off with a backup copy of some transactions made, which included encrypted Card data.

So yeah, we already knew about this possibility, and this is just some extra confirmation.

 

[Lunar Templar]

>.>

so they basically got .... what you can find in the phone book ....

go them *rolls eyes* i didn't join steam till 09 and i've change my payment data least once since then, closing in on having to update it again actually

 

[Something Amyss]

Because they ALREADY said months ago that the hackers most likely got access to the server with the credit card info and stuff.

NOW they're saying that they DID get in, and made off with a backup copy of some transactions made, which included encrypted Card data.

So yeah, we already knew about this possibility, and this is just some extra confirmation.

Not quite. We were appraised of current information that Gabe bragged was uncrackable.

 

[wooty]

Oh good, another thing for me to possibly be concerned about. Cheers steam.

First you irritate the hell out of me with this steam cloud nonsense, now this. Been a love/hate/hate relationship between me and this company for many many years now.