Up to 35 million gamers with accounts on Steam, the multiplayer and digital games distribution platform developed by Valve, may be at risk following a breach of its database.
Information in the database included usernames, passwords, data on members' game purchases, and members' email and billing addresses and encrypted credit card information, Valve said on Thursday.
However, there's no evidence that the hackers stole encrypted card numbers or information that could personally identify anyone, Valve claims.
There's also no evidence that members' credit cards are being fraudulently used by third parties, Valve added.
The first indication of the attack was the defacing of Steam forums on Sunday, Valve stated.
"Based on the information we have so far, it seems to me that [Valve] responded pretty quickly, and seemingly as honestly as they can," Roger Thompson, chief emerging threats researcher at ICSA Labs, told TechNewsWorld.
The Genesis of the Attack
Rumors that the Steam site had been hacked have been circulating on the Internet for the past few days.
The Steam forums were defaced Sunday evening, and investigations showed that the intrusion extended to hacking the Steam database, Valve said.
Redirects for a hacking website, Fkn0wned.com, appeared on the Steam users' forums on Sunday, gaming blog Kotaku reported. However, Fkn0wned.com denied responsibility, posting a statement to that effect on its site.
It's Only Words
Valve said it doesn't have evidence that encrypted credit card numbers or personally identifying information was stolen, or that the protection on credit card numbers or passwords was cracked.
Given that the database contained encrypted credit card numbers and personal information of members, including their email and billing addresses and purchases histories, that implies the hackers didn't take any particularly valuable information. If that's true, then why is it suggesting members watch their credit card activity and statements closely?
Perhaps Valve's just being cautious.
"The risk is both in terms of being found negligent if someone has had their identity stolen and significant damage is done, or being found to have not complied with disclosure rules, which cover both the information stolen and the potential materiality of the exposure to the company penetrated," Enderle Group Principal Analyst Rob Enderle told TechNewsWorld.
natural skin care tips