THE BUZZ: Last year was a terrible time for online gaming services and account hacking. Part of those hacks hit Steam, and Valve co-founder Gabe Newell has given an update on that situation.
EGM’s TAKE: Here’s what Newell had to say, straight from the official Steam website.
Dear Steam Users and Steam Forum Users:
We continue our investigation of last year’s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it’s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.
Though it may be misplaced trust, I’ve always had the feeling that Newell and the folks at Valve are very upfront and honest with their fans. So, I’d like to believe (and do) that we’re being told all there is to know about what is known concerning what happened, and won’t later receive some sort of “well actually, it was worse than we previously admitted to” bombshell later on.
However, this—and all of the other hacking attempts that have gone on as of late—do make me wonder. Is it time that even things like names and email addresses are encrypted (if that’s even possible)? Sure, I’m far more comfortable with the idea of that information being obtained—versus things like my credit card number, address, or phone number—but even then I’m the type who doesn’t want that information out there unless I’ve done so myself.