Hackers probably stole Steam transaction data, Valve says

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9224215/Hackers_probably_stole_Steam_transaction_data_Valve_says

By Lucian Constantin
IDG News Service
February 13, 2012

Valve has informed users of its Steam online game distribution platform 
that hackers have probably downloaded encrypted credit card transaction 
data from a backup database during an intrusion last year.

In November 2011, Valve announced that hackers gained unauthorized 
access to Steam's user database, but said that there was no evidence to 
suggest a leak of encrypted credit card details at that time.

However, that has since changed. "Recently we learned that it is 
probable that the intruders obtained a copy of a backup file with 
information about Steam transactions between 2004 and 2008," said Gabe 
Newell, Valve's co-founder and managing director, in an email sent 
Friday to Steam users.

According to Newell, the backup file contained Steam user names, email 
addresses, encrypted credit card details and encrypted billing 
addresses, but no account passwords.

Valve doesn't have reasons to believe that the sensitive transaction 
data was decrypted, Newell said. However, this possibility should not be 
excluded.

[...]


______________________________________________________________________________
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.
www.ExpandingSecurity.com/PainPill