Gaming Hack Exposes Millions

Steam Attack Could Expose Users' Credit Card Numbers
Gaming Hack Exposes Millions

An online hack at Valve Corp., developer of the online gaming platform Steam, may have exposed up to 35 million users to fraud. Early reports suggest personally identifiable information and credit card numbers held by members of the site could potentially be exposed.

"We learned that intruders obtained access to a Steam database in addition to the forums," writes Gabe Newell, founder of Valve, in a message posted on the Steam forum. "This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."

According to the company's website, Steam offers 1,800 game titles and has 35 million active users. Steam is currently available in 237 countries and 21 different languages. The company distributes games and related media online.

While Newell says there's no evidence that encrypted credit card information or PII was taken by the intruders, an investigation is underway.

"We don't have evidence of credit card misuse at this time," he writes. "Nonetheless you should watch your credit card activity and statements closely."

The intruders were able to compromise a few of the online forum accounts, according to Newell's message, which forced Steam to require all users to reset their passwords.

So far, no compromised accounts have been reported.

Steam will remain offline until the investigation concludes.

Gaming Site Hacks: A Trend

Gaming sites have seen their fair share of attacks in recent months. In April Sony Corp.'s PlayStation Network and Qriocity online services were hacked by online intruders, who may have accessed personal information the company stored on 77 million users.

The video gaming company Sega in June said its online Sega Pass system had been offline for a few days because of unauthorized entry to its database; hackers obtained some members' e-mail addresses, birth dates and encrypted passwords.

The Sega posting didn't say how many members' PII had been exposed, but a Reuters dispatch from Tokyo identified 1.2 million affected customers.

Neal O'Farrell, founder of the Identity Theft Council, says hackers are wising up, capitalizing on consumers' growing apathy and corporations' reluctance to better protect their customers' personal information. "We have awareness," he says. "People know about identity theft. We just don't have vigilance."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network