Steam users who have been keeping a close eye on their email this evening already know that Valve has been forced to issue a major mea culpa this evening. In 2009 hackers were able to steal Steam files containing information regarding all known user addresses, credit card numbers, and financial interactions made using the popular online marketplace.
Although Valve maintains that all of the sensitive information remains encrypted, this breach of security is sure to be a major cause of concern for gamers all over the world. If you’re a regular patron of Steam’s services, be sure to check your credit history to ensure that no fraudulent charges have been made in your name recently!
The relevant portions of Valve’s statement read as follows:
Dear Steam User:
If you have accessed your Steam account since November 10, 2011 you know that we had a network intrusion. We learned about this intrusion when the Steam forums were defaced on November 6. Since then our investigation of this intrusion has continued with the help of outside security experts. We now have additional information we would like to share with you. We are providing this information to you in this formal way because it might be required by your state’s law.
We’ve recently learned that it is probable that in 2009 the intruders obtained a copy of a database with information about Steam transactions between 2004 and 2008. This database contained user names, email addresses, encrypted billing addresses and encrypted credit card information. We do not have any evidence that the encryption on credit card numbers and billing addresses has been compromised. We are still investigating and working with the Seattle FBI office.