Last November, Gaming Bus reported that Steam had been hacked, and Managing Director Gabe Newell advised all customers to watch their credit card’s statements. Today, Gabe Newell made another announcement to all customers that those responsible for last November’s hack might have obtained Steam transaction data between 2004 and 2008. The statement is as follows:
Dear Steam Users and Steam Forum Users:
We continue our investigation of last year’s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.
Analysis: As noted by Josh in his analysis, Steam would need to be more transparent in regards to the breach in the future, and he was right. This is obviously an ongoing and critical matter for Valve and the fact that they let us know what might have been compromised, even without 100% certainty, is excellent public relations. I have to say my personal confidence in Valve is ever growing because of this.
This doesn’t mean you need to change your password again. However, anyone who got a new credit card in that time frame should watch those cards closely if it’s still active, like Gabe Newell stated. It may also be possible for your financial institution to send you a new card if it’s close to expiring. My credit union did that for me, but told me they would only allow up to four months before expiring. This is something some of you might want to look into as a precaution.
Editor’s Note: Although nothing has been confirmed either way, Gaming Bus believes the severity of the reported information and its source are cause to go forward with this report.