November 11, 2011
Valve Software Announces Breach Of Accounts
Valve Software, the online digital store, game library and multiplayer network has experienced a security breach and data loss, Gabe Newell, Founder and CEO of Valve Software, announced yesterday. The announcement began with the news that the Steam gaming forums, operated by Valve, had been defaced on Sunday.
Valve warned users that hackers have gained access to the company´s database, containing user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. With over 30 million registered accounts, this is potentially a very serious breach, reports Emma Woollacott of TG Daily.
“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” says Newell. “We don´t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.”
Paul Ducklin of security firm Sophos explains that many companies are encrypting credit card information, which is required by law, however the remainder of the information they hold about users is not required to be under such security, Daniel Nye Griffiths reports from Forbes.
“In my experience, many companies which are PCI compliant have treated that compliance merely as a box to tick,” Ducklin says. “They have taken the whole issue of PCI compliance as a security destination to be reached, rather than an excellent starting map for their security journey. That´s a pity, and a wasted opportunity to make things better for everyone.”
A screenshot of the defaced Steam forum appears as if hacking site Fkn0wned was taking credit for the breach. Several forum users have reported receiving e-mail spam that appeared to come from the hacking site, according to gaming blog site Kotaku.com.
A spokesman for Fkn0wned has denied responsibility. “I can say I didn´t authorize anyone to do what happened so Fkn0wned shouldn´t be held responsible.”
“If a member performs illegal actions in our name, there´s not much we can do about that other than to ask that member to stop. If a rival site is deliberately trying to bring us down by placing the attention of Valve´s legal department on us, there´s not much we can do about that either. It´s how this scene works and I´ll have to accept that.”
On the Net: