Valve’s download service Steam has been hacked and credit card information has probably been nicked.
According to a statement from Valve, hackers managed to get into a Steam database that contained “user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. “
There is no evidence to suggest that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked, but it is early days in the investigation.
The statement said that Steam forums were defaced on the evening of Sunday, 6 November and after Valve started to investigate it found that the hack went beyond the Steam forums.
Valve said that punters should watch their credit card activity and statements closely to make sure that the hackers have not found a way to use the information.
It claimed that only a few forum accounts have been compromised and all forum users will be required to change their passwords the next time they log in.
So far there have been no compromised Steam accounts, so Valve is not planning to force a change of Steam account passwords (which are separate from forum passwords).