Gabe Newell on the Steam hack: 'Probable' that user information obtained

The Steam forums and database was hacked in November, and Valve is still investigating the breach. In a new note to Steam users, Valve head Gabe Newell announced that "it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008." The file contained user names and email addresses, and encrypted billing addresses and credit-card information, but it did not include passwords, Newell said.

So far there has been no evidence that credit cards or billing addresses have been compromised from the attack, but Steam users should pay close attention to their accounts and keep Steam Guard on, Newell said. Read Gabe's full update below, which has been sent to all Steam gamers as well.

Update: The headline previously included the phrases "credit card info" and "at risk," which seemed alarmist to some readers. It has been updated and glasses of warm milk passed around to everyone. Enjoy.
Dear Steam Users and Steam Forum Users:

We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.

Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.

We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.

We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.

Gabe

This article was originally published on Joystiq.