The personal information and credit card details of 35 million Steam account holders may have been compromised following an attack by hackers.
A security breach of the Steam discussion forums led to an investigation by the service’s owner Valve, which then uncovered the intrusion into the user database on 6 November last.
The attackers used login details from the forum hack to then access the database which contained user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.
Steam, a video game download service, which currently has 35 million users, shut down the forums once the attack was detected, initially saying it was for maintenance.
However a statement by Valve boss, Gabe Newell, posted on the site last night, confirmed the extent of the attack. He also said that despite credit card and account information being compromised there was no evidence so far that it was being misused.
“We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” Newell said.
Newell did however warn users to keep an eye on their credit card account for any strange activity.
While only a few forum member accounts are known to have been hacked, all members will be required to change their password when they try and login in again. However as the company doesn’t know of any Steam accounts being compromised, it won’t be forcing a password change there.
The forums are still out of action on the Steam site, but Valve has said it is woking on getting them back up and running as soon as possible.