Valve Software has confirmed that hackers gained access to some of its Steam customer databases on Sunday, November 6th. Attackers accessed forum data as well as a Steam database containing user names, password hashes and salts, game purchases, billing addresses, and encrypted credit card information. There is no word yet on how many of the approximately 35 million active Steam accounts are affected. Valve Software director Gabe Newell said that there is no evidence yet of credit card misuse, but customers should watch their credit card activity. Newell added that Valve currently only knows of "a few forum accounts" that have been compromised.
Because of the incident, all Steam forum users will be asked to provide a new password when they next log in. Newell noted that forum logins are separate from Steam account logins, but it "wouldn't be a bad idea" to change the Steam account login password as well, especially if it is identical to their forum password. Other suggested precautions include resetting one's security question, not storing credit card data on Steam's servers, and enabling Steam Guard, which emails the user each time someone logs on to the account.
Members of the CWRU community are reminded by Information Technology Services (ITS) to be certain that they don't use their CWRU Network ID passwords in other services such as Steam.