X

Steam Web sites hacked, gamer data exposed

Forum user accounts compromised, but not accounts to the Steam online-gaming platform itself, the company says.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read
This screenshot shows the defaced Steam user forum site.
The defaced Steam user forum site

Hackers broke into a database with customer information at the Steam online gaming site, accessed user forum accounts and defaced a forum site, the company said.

"Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums," Gabe Newell, co-founder of Steam developer Valve Corp., said in a statement posted to the Steam site.

"We learned that intruders obtained access to a Steam database in addition to the forums," he added. "This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."

The statement said there was no evidence that encrypted credit card numbers or personally identifying information was stolen or that protection on the credit card numbers was cracked. "We don't have evidence of credit card misuse at this time," Newell said. "Nonetheless you should watch your credit card activity and statements closely."

And while some forum user accounts were compromised, it did not appear that any Steam accounts were compromised, the company said. However, people who may have used the same password on their forum and Steam accounts should change the passwords, Newell advised.

"We will reopen the forums as soon as we can," he wrote. "I am truly sorry this happened, and I apologize for the inconvenience."

Meanwhile, the company said its investigation is ongoing.

According to a screenshot of the forum defacement, it appeared as if hacking site Fkn0wned was taking credit for the breach. Some forum users later reported getting e-mail spam that appeared to come from the hacking site, according to gaming blog site Kotaku.com.

But a post on the Fkn0wned site denied responsibility. "I can say I didn't authorize anyone to do what happened so Fkn0wned shouldn't be held responsible," a statement from the founder said. "If a member performs illegal actions in our name, there's not much we can do about that other than to ask that member to stop. If a rival site is deliberately trying to bring us down by placing the attention of Valve's legal department on us, there's not much we can do about that either. It's how this scene works and I'll have to accept that."