Valve head Gabe Newell has announced today that Steam as a whole (browser, accounts & forums) has been hacked. Since last Sunday, a message (the message was via a vBulletin Forum post, but now has replaced now that forums are back online) has been up on the forums clarifying an attack within the forums. In this message, Gabe clarified that account information for Steam’s forums and regular account information has been comprised as had been compromised for Sony with the Playstation Network.
While you can still play games, all of your information attached to your Steam accounts have been taken. This includes usernames, passwords, game purchases, person email addresses, billing addresses & credit card information. While they claim that no one has actually used any of the credit cards in a mischievous manor, how can Gabe speak for all those that just learned of the hack today.
Gabe says that all members of the Steam community need to change their password and possibly email to stop people from jacking their accounts. Gabe ends the bulletin with this simple line: “I am truly sorry this happened, and I apologize for the inconvenience.”
With this hack, I believe it wasn’t an internal assault on Valve’s servers; instead, it was a jacking of possibly thousands of accounts via a ‘Verification Email’. Posted on Twitter by RChaply, this picture show through using similar emails and names under the Valve copyright info-thieves took information through a deceptive link.
Instead of going to store.steampowered.com, the link leads to a website called BullseyeImage.com. Thanks to Candace at PDP for the links.