Following talk that the Steam forums had been hacked, Valve's Gabe Newell has issued a response. The official forums were in fact "defaced" on Sunday, and unfortunately, intruders have gained access to a Steam database as well.
"This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked."
The investigation is ongoing, though Valve recommends you watch your credit card activity to be safe. There is no evidence of credit card misuse yet, and the company is only aware of "a few" compromised forum accounts, but you should still change your password(s). As far as Steam accounts go, Valve has yet to come across any that were compromised.
[Image]
Dear Steam Users and Steam Forum Users,
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don't have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.
While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password.
We will reopen the forums as soon as we can.
I am truly sorry this happened, and I apologize for the inconvenience.
Gabe.
Contest:
5:26 PM on 11.10.2011 | 
Well, unlike Sony, everything was encripted and even if they take your account they wouldn't be able to get into it due to SteamGuard.
Anyway, I changed my password and secret question today without knowing about any of this, which was pretty damn aweeeesome.
i'm not worried by this despite being a steam user.
"Them bitch ass niggas messin with MAH steam? Aw hell naw, they brought beef. I'm bringing the ruckus."
Go get em, Gabe!
*facepalm*
"We learned that intruders obtained access to a Steam database in addition to the forums."
ability to access it and download it as it is. to hack it is to gain access to what's inside it.
but okay in this. it's misleading because it sounds as if the important info was hacked. and it wasn't. in fact it's not even known if hackers knew what was in their hands so far
Sony was indeed encrypted and shit gets hacked and stolen all the time and just like when Sony was hacked, two shits are not given by me. I will change passwords and watch my credit card like I do all the time. If you don't look at your statement each month, your doing it wrong.
actually, it's Sony's fault (their PR guys, to be precise) that people say it was unencrypted. They didn't clearly say that info was also hashed (like here with Valve) until almost before PSN started working again.
Plus, people simply don't trust Sony enough. And that info mixup made them even less trusting.
Valve waited almost a week, which was really frustraiting. Talks of a forum hack were since it happened 5 days ago. Still, it seems that it was because they were sure everything's under control, apparently.
#gamerlogic
True story. What a cool guy.
JimmyX get on top of this investigation NOW!
Not that it affects me one way or t'other. I've never put a CC number into the hands of either company.
Valve had encryption. Sony didn't.
Valve informed their customers within a couple days, Sony waited a couple weeks.
Also, valve clearly updates their shit, before this year Sony was skimping on security updates.
Well shit
Really? You didn't see all the people claiming it was poetic justice because of the Geohotz thing and celebrating it?
Also worth reminding everyone that Sony's info WAS encrypted. The whole thing about it not being encrypted? Came from a single forum post from an anonymous source on a board somewhere. Seriously. That's the source.
Sony themselselves admitted on the Playstation blog that PSN's personal data table was unencrypted.
The cc table and the personal data table were two different data sets.
The former was encrypted while the latter was not. I wasn't claiming otherwise so I don't quite get your point.
So look for any enemies of mine who are hackers. Should be a short list since most people who hate me are mouthbreathing idiots.
CC data was being sent unencrypted from the PS3 to PSN. The danger there was that people would distribute hacked firmware that would direct traffic from those who downloaded their hacked firmware to another server before passing it on to Sony's servers aka a man in the middle attack.
That was my point, perhaps I should have worded it more clearly.
Not trolling here guys, just stating facts.
and look what we have here :D
sure they informed the customers ahead of time, and the CC are encrypted, but but the fact that hackers still manage to do some damage just shows you nothing is safe.
i love Steam and all and Valve will probably handle this seriously.
but still nothing is safe. and i assure you this will not be the last one.
Fuck you.