Valve Reveals: Steam Data Breach Worse Than Thought

| No Comments | No TrackBacks
Online gaming is a major industry, and gamers put their trust in the servers and online gaming networks they use every time they log on.  These networks often store identifying user information in their servers, and in many cases have credit card data for online purchases stored as well.  The security (or lack thereof) of some of these platforms has been highlighted this year as a result of several high-profile data breaches, the most potentially damaging of which was the hacking of the PlayStation Network.

A new online gaming breach occurred last week, this time affecting the Steam online gaming platform.  The breach occurred when hackers compromised the Steam forums, posting advertisements to a game cheating website and sending emails to some forum users using the SteamPowered.com server. 

Steam shut down the forum indefinitely and included a notice about the breach in the news update that opens each time the Steam software is launched, letting users know what happened and saying that the forums would be offline until they had assessed the damage and security holes plugged.

One advantage that Steam thought they had going for them over some of the earlier breaches that have been in the news, was that the Steam forums are separate from the main gaming platform.  Users have to create a separate forum account to take part in forum discussions, and no financial transactions take place in the forums.

But unfortunately, Valve, the company that owns Steam and the creator of several games hosted on the Steam platform confirmed --says their investigation revealed the breach to be far worse than originally thought, as the below message from Valve's Gabe Newell confirms;

"Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums,"

"We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating."

"I am truly sorry this happened, and I apologize for the inconvenience," he concluded.

It is always unsettling to find out that your personal information has been stolen, whether it has been used by someone else or not. Whenever you discover your personal info may have been compromised, it's important not to panic ---and instead---focus on the steps you need to take in order to lessen your risk and any potential damage to follow.  As they say; especially in gaming --the best defense is a good offense.

The good news: You can take steps to lessen the impact a data breach can have on your life--you can take those steps BEFORE an identity theft happens to you.

The bad news:  Our data and it's security is no longer entirely within our control.  You can't be certain what information of yours might be in the hands of an identity thief.

What to do:

Notify the credit reporting bureaus if your personally identifying information has been compromised and request a fraud alert to be added to your credit file.

If you have a credit card associated with your account, contact the issuing bank immediately, let then know you need to cancel and have a new card issued. Watch your account statement for an fraudulent charges. Ask the creditor to flag your account -and inform you of any unusual charges.

If a debit card is associated with your account -notify your bank immediately. Have the account closed.  Ask them to additionally flag your new account and watch for suspicious debits or withdrawals.  In situations like this you can never be too careful. Remember, your debit card is connected to your money. And that money is not as easily replaced should a thief empty your account.

If any of you have Steam accounts --change your account passwords. If you use the same password  elsewhere, change it there too. Thieves know this and will look for other places to rob you.

Sign up for identity theft protection and restoration services before the worst occurs. Today's identity theft crimes are not just about credit related crimes. Consider signing up for services that monitor your whole identity --able to detect and alert you to suspected misuse of your data-and then be there to help fix any problems that occur.   

The realty: One data breach, one tech-savvy hacker, one rogue employee, a stolen wallet, misplaced smartphone, iPad or missing laptop can quickly turn into a costly and time consuming nightmare.

Don't let wishful thinking blind you to the facts: 9 million people have their identities stolen every year. It really CAN happen to you.
Enhanced by Zemanta

No TrackBacks

TrackBack URL: http://www.givemebackmycredit.com/cgi-bin/mt/mt-tb.cgi/965

Leave a comment


A memoir exposing the steep price consumers pay when facing mortgage servicing errors, inaccurate credit reporting, illegal debt collection practices, identity theft and weak consumer protection laws. THE BOOK » DENISE'S STORY »