Steam Account Intrusion - A Message From Gabe

[SatisfyingProvolone]

Users got this message via Steam pop-up today:

February 10th, 2012
Dear Steam Users and Steam Forum Users:

We continue our investigation of last year?s intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it?s a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe

 

[Zhukov]

Huh. I'd completely forgotten about that.

Well, I'm safe since I didn't have Steam until after 2008.

 

[psicat]

Wow, it took them a few months to catch on to the fact that credit card information was also taken. Rather pathetic, and yet people will still defend them while Sony caught all that flax.

 

[evilneko]

Wow, it took them a few months to catch on to the fact that credit card information was also taken. Rather pathetic, and yet people will still defend them while Sony caught all that flax.

Digital forensics is a long and painstaking process.

 

[teqrevisited]

Just as well that my card and address are no longer relevant then. There's bugger all for them to steal off there in the first place but still.

 

[ResonanceGames]

Wow, it took them a few months to catch on to the fact that credit card information was also taken. Rather pathetic, and yet people will still defend them while Sony caught all that flax.

They said that CC info had probably been compromised in the first announcement. They also said that they used AES-128 to encrypt them, so it would take longer for the hackers to crack one credit card number than the universe has existed and will exist.

 

[McMullen]

Wow, it took them a few months to catch on to the fact that credit card information was also taken. Rather pathetic, and yet people will still defend them while Sony caught all that flax.

People sent a lot of cereal to Sony after it got hacked? Perhaps they were concerned that their security staff were undernourished. Or were they hinting that Sony was constipated and needed more fiber? Aha! That's what it was! It was a message to Sony that they were full of shit! People have really gotten subtle these last few years.

OT: 2008 huh? Should be fine then.