In a message sent to all Steam users by Valve's Gabe Newell, it was revealed that the vandalizing of the Steam forums
, which occurred on November 6, was followed by an intrusion on "a Steam database." The hacked database included usernames, "hashed and salted" passwords, transcripts of game purchases, email and billing addresses, and encrypted credit card info. The message specified that Valve doesn't have any evidence of the intruders taking the credit card numbers or any other "personally identifying information," or that the encryption on said numbers or passwords had been cracked.
The company is investigating the incident, but because a few forum users have been compromised all users must change their passwords during their next forum visit. Steam users aren't forced to change their passwords, but are encouraged to do so, especially if they match their forum passwords. Also, if your bank account, Paypal account, PSN, Xbox Live, email, AIM or, you know, anything, shares your forum password, you should probably change that too -- and then you should probably just move into a log cabin in the woods for a while.
You can read Newell's full message after the break.