Valve's online game service Steam hit by hackers

Artwork from Skyrim Steam is closely involved with the launch of the eagerly anticipated game Skyrim

Related Stories

The Steam video game service, used by 35 million people, has been compromised by hackers.

Its owner and operator, Valve, uncovered an intrusion into a user database while investigating a security breach of its discussion forums.

The attackers used login details from the forum hack to access a database that held ID and credit card data.

Valve said that, so far, it had no evidence that credit cards were being misused or Steam accounts abused.

Losing trust

The defacement took place on 6 November and the Steam forums were taken offline when Valve learned of the attack.

At first the firm said the discussion groups were offline for maintenance.

However, a message posted to the front page of the forums by Valve boss Gabe Newell on 10 November has revealed that the sites were shut down because of the defacement.

Valve's investigation of that incident revealed that the "the intrusion goes beyond the Steam forums".

The initial investigation showed that the attackers gained access to a Steam database that held "user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information".

Valve has not said whether this was the full database of Steam's 35 million active accounts or a subset of that total.

Mr Newell said Valve had no evidence that the encrypted credit card information or personal information on gamers had been taken. However, he added, "we are still investigating".

He said it had only discovered that a few forum accounts had been compromised and used to carry out the defacement.

But Mr Newell added that all forum users will be required to change their passwords when the discussion site re-opens, which the firm is trying to achieve as quickly as possible.

He advised users to change passwords on other accounts if they are the same as the one used for the Steam forums.

"I am truly sorry this happened, and I apologize for the inconvenience," concluded Mr Newell.

Code changes

Steam is a gaming service that lets people buy, download, play and chat about a huge variety of games, only some of which are made by Valve itself.

About 1,500 titles are currently available on Steam including Skyrim, LA Noire and Modern Warfare 3 as well as many independent and free games.

Security expert Paul Ducklin, writing on the blog of security firm Sophos, handed down advice about what to do following the breach.

He said users should change passwords, monitor credit card statements, consider removing card numbers from Valve's servers and sign up for the Steam Guard security service.

He also urged users to insist businesses take steps to make it much harder for hackers to penetrate their systems and use stolen data.

"Community pressure has persuaded many businesses to improve their password-handling code," he said.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Cesc FabregasFair price?

    Have some football clubs overpaid for their new players?


  • Woman and hairdryerBlow back

    Would banning high-power appliances actually save energy?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


  • Women doing ice bucket challengeChill factor

    How much has the Ice Bucket Challenge achieved?


  • Women in front of Windows XP posterUpgrade angst

    Readers share their experiences of replacing their operating system


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.