Steam is an online service that delivers Windows and Mac games through direct downloads. The service also offers player matching for head to head and multiplayer gaming, leader boards, achievements, and more.
The original attack occurred on Sunday, November 6th, and was first thought to involve forum accounts only. Valve Software, which operates the Steam service, said in a letter to users that in the process of investigating the attack, it learned that the hackers had penetrated its main data base of Steam user information, as well.
“This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information,” Valve cofounder Gabe Newell wrote in its letter to customers. “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.”
He added, “We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”
Mr. Newell also said that his company hasn’t discovered any Steam accounts that have been compromised, but that its online forum accounts would require users to change passwords the next time they log in. The forums remain offline for now.