updated 08:25 pm EST, Thu November 10, 2011
Valve says Steam payment, passwords may be at risk
Valve Software co-founder Gabe Newell warned in a message to users that a forum hack found on November 6 had also touched on vital account information. After an investigation, the Portal 2 developer found that the unnamed intruders had gotten into a database that also had account names, e-mail, encrypted credit card numbers and passwords, and purchase records. While Valve had no reason to think the account information itself had been compromised, Newell advised gamers to watch their credit card activity "closely."
The company stopped short of requiring a password change on Steam accounts, but the forums on their return would have a mandatory password change. It "wouldn't be a bad idea" to change the Steam account password regardless, Newell said, especially for those who were using the same password on the forum as on the account. He personally stepped in to take some responsibility for the compromise.
"I am truly sorry this happened, and I apologize for the inconvenience," he said.
No estimated time frame exists for when the forums will go back online. Mac, Windows, and console gamers can still play games as usual.
While significant, the scope of the breach is considerably smaller than for the Sony PSN hack, which took three weeks to recover and affected tens of millions of accounts. Steam is both smaller and has had more of its information encrypted.