Steam Forum Hacked, Time To Panic?

The Steam forums were for a time not accessible a few days ago. What felt like a hardware or software issue at that time was actually more serious than this.

Users who visit the Steam forums today see an announcement on the first page that informs them that the Steam forum and Steam databases have been attacked.

Among the stolen information are Steam user names, encrypted passwords, game purchases, email addresses, billing addresses and even encrypted credit card information.

Valve at this point in time has no evidence that the intruders were able to crack or access credit card numbers or user passwords.

The forums have been taken offline for the time being until the investigation ends. Forum users will be asked to change their password the next time they log into the forums once they are accessible again.

Steam accounts do not seem to be affected according to Valve as forum accounts and Steam accounts are not identical.

Users who have a Steam forum account should do the following:

• Change Steam account and other passwords if it is the same as the forum account password.
• Monitor their Credit Card statements if they have ever paid by Credit Card on Steam.
• Be aware of the possibility of targeted phishing attacks, e.g. disguising as Valve.

It is unlikely that attackers will be able to decrypt the credit card information or passwords. What they may do however is to run a dictionary of the top 1000 passwords against all user accounts to get full access to those accounts.

Users who have used weak passwords for their Steam forum account need to change the password as soon as the forums come back up.

They also need to make 100% sure that the password is not used for any other services, e.g. their email address or social networking sites. It is recommended to change the password on those sites and services right away to avoid further damage.

Advertisement