Just an FYI, Steam was hacked

Not sure if this was posted yet and I am sure everyone will know shortly. But as an FYI:

Valve CEO Gabe Newell has contacted all users of the Steam game distribution platform to let them know that the company has suffered a security breach. The hack was originally thought to be limited to the official Steam forums, but further investigation has revealed that the hackers had access to a database containing “user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”

That said, they says that they have no evidence that any personally identifiable information was actually taken, and have detected no fraudulent credit card information.

Users of the service are advised to change their passwords and be on the watch for suspicious account activity.

Here’s the notice in its entirety:
Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.

No, I haven't been contacted. Anybody else? Is this for real?

Yes, you should get a message through Steam.

Still no message from Steam/Valve about it. Only know about it because of RPGWatch & Slashdot.

It won't even let me change my password in Steam. Its saying "Steam cannot process your request. Please try again later"…

I haven't been contacted.

Just in time for the Skyrim release. It must RPGCodex terrorists.

I haven't been contacted. But I haven't been in steam for around a month.
And so far I haven't bought anything there. Just used the voucher I got from them during last year's Games Com, and "bought" a few games and demos which are actually free there.
I'm glad now that I didn't go further so far.

I can't change my password either.

Edit: Nevermind. I just needed to do it again. They must be swamped with people changing their passwords.

Originally Posted by Alrik Fassbauer
I haven't been contacted. But I haven't been in steam for around a month.

Hence you haven't been "contacted". The message was sent using the Steam pop-up system, so if you aren't using it, you won't have seen it.

Ah the bliss of online digital distribution.

So in addition to DRM we get the benefit to worry about stuff like that every once in a while (Not that I do really as I pay them via paypal linked to a debit card from an account
that only has a couple of hundred Euros at most)…

That is why I only buy retail (usually at half the price and I can play them whenever wherever I want) and only give steam money on sales and stuff…

Unfortunately, they are forcing steamworks on us for retail too at an alarming rate lately…

Edit: Just logged in from my macbook. No popup or notification…

Credit cards are compromised at retail all the time.

I like cash too for most of my purchases

But yeah, no way to be 100% sure and I do use Amazon extensively, but the debit card/paypal solution does give me a bit of peace of mind…

Anyway, changed my password just in case…

Thanks for the heads up btw.
You can delete any card you put in the system but that is a day late, so time to watch those statements or call and check them out every week at least.
Putting the notification in a popup is a bit lax on their part. Most people have popups blocked.

Shit, again? I had a 1000,- payment on my card when some server got hacked in the past, I should be careful and check this stuff. It's convenient for international payments, but shit… when will we be able to set up secure servers? Probably never.