Encrypted data possibly stolen in Valve hack

Powered by SC Magazine
 

Hacked database contained 35 million user records.

Hackers likely stole encrypted credit card data and data in an attack on gaming company Valve last November.

Attackers were originally thought to have only defaced the company's website forum but Techworld revealed hackers accessed its user database that contained details of some 35 million people including user names, billing addresses, details of game purchases and email addresses.

Valve managing director Gabe Newell said in a message to the forum community there was no evidence that encrypted credit card numbers or personally identifying information was taken.

“We are still investigating,” he said. “I am truly sorry this happened, and I apologise for the inconvenience,” Newell said.

But in an email to Steam users, Newell said it was "probable" that attackers "obtained a copy of a backup file with information about Steam transactions between 2004 and 2008”.

He said the possibility that sensitive transaction data was decrypted should not be excluded.

“The good news is that the credit card details were properly protected as required by PCI, but that's probably not good enough for rebuilding the reputation of the Steam service," SafeNet UK sales director Aydin Ucbasaran said.

He said cryptographic digital keys should be stored in an isolated  hardware-based repository.

“This will not only remove the likelihood of hackers stealing the digital keys, but will also ensure the organisation maintains full control of encrypted data even if it falls into the hands of cyber criminals.”

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Encrypted data possibly stolen in Valve hack
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 334

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 139

Vote