Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 23, 2014
arrowPress Releases
October 23, 2014
PR Newswire
View All

If you enjoy reading this site, you might also want to check out these UBM Tech sites:

Steam Accounts Hacked, Credit Card Info Obtained
Steam Accounts Hacked, Credit Card Info Obtained
November 10, 2011 | By Frank Cifaldi

Valve's games-on-demand Steam service has been hacked, the company said Thursday, saying that a database containing private user information has been stolen.

That information includes user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information, according to an email sent by Valve managing director Gabe Newell to Gamasutra.

According to Newell, the company does not currently have any evidence of credit card misuse at press time, though warns that Steam users should nonetheless closely monitor their credit card activity.

Additionally, Newell said that the company is not aware of any compromised Steam accounts. While "a few" Steam web forum accounts were compromised, forcing a mandatory password change for all users, it does not appear that any main Steam accounts have been breached.

"I am truly sorry this happened, and I apologize for the inconvenience," writes Newell.

The news closely mirrors the infamous PlayStation Network attack from earlier this year, though Valve's public response time appears to be much shorter than Sony's was.

Related Jobs

Square Enix Co., Ltd.
Square Enix Co., Ltd. — Tokyo, Japan

Infinity Ward / Activision
Infinity Ward / Activision — Woodland Hills, California, United States

Senior Sound Designer - Infinity Ward
Treyarch / Activision
Treyarch / Activision — Santa Monica, California, United States

Multiplayer Level Designer - Treyarch
Nexon America, Inc.
Nexon America, Inc. — El Segundo, California, United States

Localization Coordinator


Isaiah Taylor
profile image
Think I'll change PW just in case...

Bryson Whiteman
profile image
How come Valve doesn't even send out a "Your shit's been jacked" e-mail??

Jonathan Draysey
profile image
If you log into steam you're greeted with "Your shit's been jacked" splash page instead.

Joshua Sterns
profile image
This hacker crap is really getting old.

Jacob Barlaam
profile image
hope all these hackers go to jail, no better than terrorists

Sean Currie
profile image
I absolutely agree! Losing the password to your Steam forum account is definitely equal to the trauma experienced by those who had loved ones die in the 9/11 attacks.

Tell me you were being sarcastic and are not actually that stupid. Or that disconnected from reality.

[User Banned]
profile image
This user violated Gamasutra’s Comment Guidelines and has been banned.

Evan Bell
profile image
Is that a cute joke(hi origin) or did you confuse Valve with EA

Philip Michael Norris
profile image
lol Dave, I was going to say the same thing

Adam Bishop
profile image
I suppose this was done because Valve removed Other OS support and they're really the ones to blame here, right?

Curtis Turner - IceIYIaN
profile image
Maybe get a free game outta this... Least an earlier beta invite to DotA 2 or CSg0g0g0

Jordon Biondo
profile image
Probably just a hat

Matija A
profile image
Hat would be nice :)

Joe McGinn
profile image
May I be the first to say Ffffffffffffffuuuuuuuuuuuuuuuuu...

evan c
profile image
"I am truly sorry this happened, and I apologize for the inconvenience," writes Newell.

Sony: Welcome to the club Gabe.

Maurício Gomes
profile image
Good that Valve supports PayPal...

I do not need to change my password =D All my payments to Valve were made with PayPal =D

Of course, PayPal sucks in many levels... I cannot wait to Valve support Bitcoin!

Rich Boss
profile image
Philosophically, Bitcoin is fatally flawed. Its value creation cycle is just as arbitrary as current fiat currencies, but unlike those fiat currencies it won't keep you out of jail when the taxman comes looking for his cut.

So, it is basically crowd sourced online currency R&D powered by a speculative bubble. Luckily, we don't seem to be actively devaluing anything to create Bitcoins, they are just using up computer cycles.

Bruno Xavier
profile image
"Inconvenience"?! LOL

Lucky me, never bought anything there by cc.

Fred Marcoux
profile image
so what if we have a steam account, but no forum account? or are they one and the same?

Mike Griffin
profile image
Forums and Steam accounts use different user name/log-in... provided the person was intelligent enough to actually use different ones for each. Of course 3/4 of the users out there use the same infos for every-frickin'-thing they sign up for. And that's a bad idea.

George Blott
profile image
I think this is a case of better safe than sorry, might as well change both.

Also: free TF2 Hats coming, I hope.

Rick Binkley
profile image
They should be like XBox Live my account got hijacked there, and I know there has to be others but you never hear anything, and three months and still waiting to get compensated.

Cordero W
profile image
After this was announced, my account somehow ended up applying for IGN. I changed my pw and reported already.

Russell Carroll
profile image
No email to tell users of the issue, really?

I was supposed to find this out how?


You're 'sorry'? In what world is potentially letting someone have my credit card and then not even bothering to tell me ok?


Valve? Hello?

Are you the new arrogant Sony?

(btw, I can't even bring up a log-in screen to Steam at the moment...hopefully a network issue? I enjoyed Portal 2, but at the moment I wish I'd never played anything through Steam...ever)

Sometimes video game companies stun me.

Jonathan Draysey
profile image
Perhaps it's a direct retaliation for the last TF2 update?

Maria Jayne
profile image
I'm confused how if its forum accounts that were compromised and not Steam accounts why they stated encrypted credit card numbers were taken. Surely they would be locked to the Steam accounts not the forum accounts?

Ross Bemrose
profile image
"We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating."

This is from the notice you see the first time you log in after November 10th. Which is also in the Valve News feed.

Likely, Valve found out that their network was compromised following a security audit after the forum hack.