• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Privacy & Policy   »   Steam gaming network hacked, sensitive information feared stolen

Steam gaming network hacked, sensitive information feared stolen

  • Posted on:December 7, 2011
  • Posted in:Privacy & Policy
  • Posted by:
    Trend Micro
0

Online gamers can’t seem to catch a break this year. Mere months after Sony’s PlayStation Network suffered one of the largest data breaches in history, Washington-based Valve Software announced that its Steam Internet gaming service suffered an intrusion.

Steam is used to distribute such popular gaming titles as Call of Duty and Skyrim, among the more than 1,400 others.

Gabe Newell, the founder of Valve, disclosed the incident in a letter to users on November 10. He said that the Steam service was hacked on November 6 and that the company had launched an investigation to determine the extent of the intrusion and how its data security measures were circumvented.

“This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information,” Newell wrote to customers in an email. “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

Initially, it was believed that all cybercriminals had done was deface the Steam community forums. However, further review of the incident revealed that hackers had in fact gained access to a secure database containing the sensitive information on about 35 million users who have accounts with the service.

Steam gamers’ first inclination that something was wrong occurred when repeated messages from a mysterious user began showing up on the community boards. The messages alluded to users wanting to “dominate the servers you play on with guaranteed results,” according to MSNBC.

Steam users alerted the company, but the founder of the mysterious account posted a message on his site denying responsibility for the posts.

Whoever was responsible, it changes little about the fact that this is yet another stain on the reputation of an industry that collects and stores sensitive information online. Almost instantly, experts and industry pundits began comparing this latest data breach with the infamous incident suffered by Sony back in April.

Unlike the Sony incident, contributor Mack Peckham wrote for Time Magazine’s Techland, Valve got the word out about the Internet security threat as soon as it could. It took Sony a full seven days before it admitted that hackers had breached its data protection defenses.

The company at first said the issue was an internal technical problem before admitting that an intrusion from the outside occurred. That, Peckham said, delayed Sony’s response.

“I used to be a network engineer for a large Fortune 500 company, and can say most well-staffed corporations know whether a breach occurred shortly after it’s happened, but sourcing the perps and running packet-level analyses to verify who went where and what they accessed can take days,” Peckham wrote.

Perhaps learning from Sony’s misstep, Newell and Steam jumped ahead of the surefire media firestorm and disclosed what they knew. However, as the investigation is ongoing, the full extent of the breach remains a mystery.

Data security incidents such as these routinely call into question the online data sharing habits of Web users. Given the continued newsworthiness and attention paid to information theft, it seems time for Internet users to reevaluate how much information they are willing to share online.

Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. Another video game company hacked
  2. Sending messages securely: How to best transmit sensitive information
  3. Sony looks to bolster data security with new hires
  4. Information security: How Hackers Leverage Stolen Data for Profit

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.