Original URL: http://www.theregister.co.uk/2011/11/13/steam_confirms_credit_card_database_attacked/

Valve says credit card data taken

Hopes its encryption will hold

By Richard Chirgwin

Posted in Security, 13th November 2011 23:09 GMT

Valve has now confirmed that the hack of its Steam forums reported last week may have included the theft of credit card numbers.

The company has emailed users saying that the intruders that defaced its forums also accessed a database which included “information including user names, hashed and salted passwords, game purchases, email addresses, billing information and encrypted credit card information.”

Since the card data was encrypted, it may not be usable to the attackers, operating under the handle fkn0wned. However, according to the Washington Post and others, the e-mail from founder Gabe Newell advised customers to watch their credit card statements for evidence of misuse.

It’s been a bad 2011 for online game servers, with the now-infamous Sony PlayStation Network hack setting gamers a-jitter and costing the company both dollars and reputation.

Valve has sought to reassure users that it wasn’t slack with their personal information. A password reset has been applied to all forum users, and the company suggests that any gamers whose Steam password was the same as their forum password should reset that as well. ®