The Steam video game service, owned by Valve, and used by 35 million people, has fallen victim to hackers. Valve became aware of the attack on a user database when investigating a smaller problem. A security breach on one of its discussion forums lead experts to uncover the cyber intrusion.
The attack occurred on 6 November, and Valve took the Steam forums down as soon as it learned of the attack. Hackers had gained access to a database that contained not only personal information, but credit card details too, after using login details from the forum hack. As yet is unclear whether the full 35 million accounts were compromised, or whether it was just a portion of this total.
Valve initially said that the forums had been taken down for maintenance, but it soon became apparent that something more serious. A message was posted to the forum’s front page from Gabe Newell, the Managing Director of Valve, on 10 November explaining that the sites were down due to the attack.
Valve are investigating the incident, and have announced that, so far, none of the compromised credit cards nor the Steam accounts had been misused. Experts also commented that "the intrusion goes beyond the Steam forums". Findings from the initial investigation showed that the attackers gained access to a Steam database that held "user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information".
Whilst Mr Newell said Valve had no evidence that the encrypted credit card information or personal information on gamers had been taken. He added, however, "we are still investigating". The findings, he said, had only confirmed that a few accounts had been compromised and used to carry out the intrusion. As a precaution, forum users will have to change their passwords upon the reopening of the discussion site. "I am truly sorry this happened, and I apologize for the inconvenience," concluded Mr Newell.
Online security expert, Tero Pollanen offered the following advice "Passwords should be kept private, never written down, and changed regularly. It is always good practice to keep an eye on credit card statements, and for those especially worried about this particular incident might consider removing card numbers from Valve's servers, and signing up for the Steam Guard security service instead". In order to make a stand against these kind of attacks, online security expert Tero Pollanen went on "businesses should be investing in preventative measures. The cost of hacking and fraudulant scams is astronomical, both to businesses and the economy as a whole. Businesses should be investing in improving password-handling code and data encryption."
No comments:
Post a Comment