Steam Web sites hacked, gamer data exposed

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.cnet.com/8301-27080_3-57322788-245/steam-web-sites-hacked-gamer-data-exposed/

By Elinor Mills
InSecurity Complex
CNet News
November 10, 2011

Hackers broke into a database with customer information at the Steam 
online gaming site, accessed user forum accounts and defaced a forum site, 
the company said.

"Our Steam forums were defaced on the evening of Sunday, November 6. We 
began investigating and found that the intrusion goes beyond the Steam 
forums," Gabe Newell, co-founder of Steam developer Valve Corp., said in a 
statement posted to the Steam site.

"We learned that intruders obtained access to a Steam database in addition 
to the forums," he added. "This database contained information including 
user names, hashed and salted passwords, game purchases, email addresses, 
billing addresses and encrypted credit card information."

The statement said there was no evidence that encrypted credit card 
numbers or personally identifying information was stolen or that 
protection on the credit card numbers was cracked. "We don't have evidence 
of credit card misuse at this time," Newell said. "Nonetheless you should 
watch your credit card activity and statements closely."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/