follow-up: Hackers probably stole Steam transaction data, Valve says

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9224215/Hackers_probably_stole_Steam_transaction_data_Valve_says

By Lucian Constantin
IDG News Service
February 13, 2012

Valve has informed users of its Steam online game distribution platform 
that hackers have probably downloaded encrypted credit card transaction 
data from a backup database during an intrusion last year.

In November 2011, Valve announced that hackers gained unauthorized access 
to Steam's user database, but said that there was no evidence to suggest a 
leak of encrypted credit card details at that time.

However, that has since changed. "Recently we learned that it is probable 
that the intruders obtained a copy of a backup file with information about 
Steam transactions between 2004 and 2008," said Gabe Newell, Valve's 
co-founder and managing director, in an email sent Friday to Steam users.

According to Newell, the backup file contained Steam user names, email 
addresses, encrypted credit card details and encrypted billing addresses, 
but no account passwords.

Valve doesn't have reasons to believe that the sensitive transaction data 
was decrypted, Newell said. However, this possibility should not be 
excluded.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/