Steam forums back online after security breach

Thursday, 10 November 2011 22:41 GMT By Brenna Hillier

Steam’s forums are back online after a November 6 attack potentially exposed users’ private information stored in the company’s database.

The news was confirmed on the forums, and if you have any questions about what to do next, the thread on the matter is very thorough.

On November 10, Valve boss Gabe Newell confirmed the news that user details and credit card information “may have been compromised” after the defacement of the forums and its user database.

“I am truly sorry this happened and I apologize for the inconvenience,” Newell said in a statement at the time. “Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

“We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.

“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

“We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”

Steam forum users are required to go through a password reset process now that the system is back online, but Newell has also urged general Steam users to re-secure their accounts – especially if you use the same password.

The Steam forums were taken offline due to Sunday’s attack, and a message was posted advising users of maintenance.

Over the weekend, Steam members reported the forums had been hacked and defaced before going down, and a group called fkn0wned contacted press to claim responsibility.

It was initially believed that only Steam vBulletin-hosted forums had been compromised, protecting customer details.

Latest