Over the weekend the Valve Steam forum was defaced by hackers redirecting requests for the forum to the hackers website.
Now after further investigation by Valve it looks like the hack went
deeper than originally thought and has compromised the main Steam
The main Steam database contained information including user names,
hashed and salted passwords, game purchases, email addresses, billing
addresses and encrypted
credit card information. Although Valve are still unsure
whether encrypted credit card numbers or personally identifying
information was taken.
We learned that intruders obtained access to a Steam database in
addition to the forums. This database contained information including
user names, hashed and salted passwords, game purchases, email
addresses, billing addresses and encrypted credit card information. We
do not have evidence that encrypted credit card numbers or personally
identifying information were taken by the intruders, or that the
protection on credit card numbers or passwords was cracked. We are still
We don’t have evidence of credit card misuse at this time.
Nonetheless you should watch your credit card activity and statements
While we only know of a few forum accounts that have been
compromised, all forum users will be required to change their passwords
the next time they login. If you have used your Steam forum password on
other accounts you should change those passwords as well.
We do not know of any compromised Steam accounts, so we are not
planning to force a change of Steam account passwords (which are
separate from forum passwords). However, it wouldn’t be a bad idea to
change that as well, especially if it is the same as your Steam forum account password.
So if you have used passwords across multiple accounts with the same email address it might be time to update them all.