BreachExchange mailing list archives
Last Year's Steam Security Breach More Extensive Than Originally Thought
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 11 Feb 2012 01:45:57 -0500
http://www.1up.com/news/year-steam-security-breach-extensive Last November, Valve revealed that hackers gained access to sensitive Steam user information, including user names, billing addresses, and encrypted credit card information. Via a message from company founder Gabe Newell, the Valve informed users of the security breach but added, "We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked." Nearly three months later Valve is still attempting to assess the damage, which, according to a second message from Newell received by Steam Users today, was more extensive than originally thought. "Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords." writes Newell. While frightening, users shouldn't lose any sleep over the news just yet. "We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well." adds Newell. The incident is just one amongst many high-profile security breaches to take place in the last twelve months. Last year's disastrous PlayStation Network breach seemed to trigger a wave of similar incidents. As alarming as these cases can be, you shouldn't worry too much about the breach. As Newell pointed out, Valve did not uncover any evidence indicating that the hackers have broken the encryption on the most sensitive information. That said, Steam users should take some extra time to double check their credit or debit card statements in the coming months. Just because these hackers didn't break Valve's encryption yet doesn't make it impossible or prevent the criminals from selling the files to those who can. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Small, inexpensive USB drives pose huge threats to organizations left unprotected. Download Chapter 1 of CREDANT Technologies eBook Data Protection to the Rescue http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Current thread:
- Last Year's Steam Security Breach More Extensive Than Originally Thought Jake Kouns (Feb 13)