Online gamers can’t seem to catch a break this year. Mere months after Sony’s PlayStation Network suffered one of the largest data breaches in history, Washington-based Valve Software announced that its Steam Internet gaming service suffered an intrusion.
Steam is used to distribute such popular gaming titles as Call of Duty and Skyrim, among the more than 1,400 others.
Gabe Newell, the founder of Valve, disclosed the incident in a letter to users on November 10. He said that the Steam service was hacked on November 6 and that the company had launched an investigation to determine the extent of the intrusion and how its data security measures were circumvented.
“This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information,” Newell wrote to customers in an email. “We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”
Initially, it was believed that all cybercriminals had done was deface the Steam community forums. However, further review of the incident revealed that hackers had in fact gained access to a secure database containing the sensitive information on about 35 million users who have accounts with the service.
Steam gamers’ first inclination that something was wrong occurred when repeated messages from a mysterious user began showing up on the community boards. The messages alluded to users wanting to “dominate the servers you play on with guaranteed results,” according to MSNBC.
Steam users alerted the company, but the founder of the mysterious account posted a message on his site denying responsibility for the posts.
Whoever was responsible, it changes little about the fact that this is yet another stain on the reputation of an industry that collects and stores sensitive information online. Almost instantly, experts and industry pundits began comparing this latest data breach with the infamous incident suffered by Sony back in April.
Unlike the Sony incident, contributor Mack Peckham wrote for Time Magazine’s Techland, Valve got the word out about the Internet security threat as soon as it could. It took Sony a full seven days before it admitted that hackers had breached its data protection defenses.
The company at first said the issue was an internal technical problem before admitting that an intrusion from the outside occurred. That, Peckham said, delayed Sony’s response.
“I used to be a network engineer for a large Fortune 500 company, and can say most well-staffed corporations know whether a breach occurred shortly after it’s happened, but sourcing the perps and running packet-level analyses to verify who went where and what they accessed can take days,” Peckham wrote.
Perhaps learning from Sony’s misstep, Newell and Steam jumped ahead of the surefire media firestorm and disclosed what they knew. However, as the investigation is ongoing, the full extent of the breach remains a mystery.
Data security incidents such as these routinely call into question the online data sharing habits of Web users. Given the continued newsworthiness and attention paid to information theft, it seems time for Internet users to reevaluate how much information they are willing to share online.
Security News from SimplySecurity.com by Trend Micro
