A security breach of the large online gaming community may have left encrypted customer credit card information in the hands of cyber intruders.
Steam gamers may be a little worried after learning that hackers could have accessed their personal and credit card information.
On the night of November 6, the video game distributor experienced a breach through which intruders defaced the site’s forums, according to a notice sent by Gabe Newell, CEO of Valve, the parent company of Steam, to customers. Additionally, the hackers were able to access Steam’s database.
Newell says that the database contains user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information. Steam has not yet proven that such information was stolen by intruders.
“We are still investigating. We don’t have evidence of credit card misuse at this time,” wrote Newell.
In September 2011, Valve confirmed that Steam has 35 million active users in 237 countries. Steam distributes over 1,800 video games including recently popular titles such as Batman: Arkham City, Call of Duty: Modern Warfare 3, and The Elder Scrolls V: Skyrim.
For Steam customers, there is some comfort in knowing that credit card information has been encrypted. However, it remains to be an unnerving situation. It’s similar to thieves who break into a home to steal a locked safe – the contents are secure as long as they can’t crack the lock.
As always, everyone is advised to regularly review credit card statements for any signs of fraudulent activity – regardless of whether or not credit card information has been compromised.
In the spring of this year, Sony’s PlayStation Network was hacked, which impacted roughly 77 million customers. Customer credit card data was among the information that could have been accessed by cybercriminals. In that case, the company did not say that the information was encrypted but Sony didn’t see any card fraud as well.
Sony responded to customer concerns with a free 12-month enrollment in an identity theft protection program.
The recent occurrences of cyber attacks supports the use of single-use, disposable account numbers when making online purchases. Credit card issuers such as Discover and Citi offer this feature as an extra layer of security.