NEW YORK (
) -- We've got bad news, gamers: Your data just got stolen. Again.
Video game company Valve announced last Thursday that it had suffered a data breach of its popular game download service, Steam. In a message to customers on the
, Valve founder Gabe Newell explained that the service's database, containing customers' personal data, had been breached.
Steam, a popular PC game download service, says it's the victim of a data breach, the latest in a rash of gaming company hacks.
"This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information," Newell explained. "We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating."
As with similar data breaches, this is a good news/bad news situation for Steam's 35 million users. The good news, of course, is that those credit numbers were encrypted, meaning there's little risk of direct theft happening as a result (though Newell did urge users to monitor their credit card activity).
The bad news is that whoever broke in can still do plenty of damage with the data.
As we explored earlier this year
, a hacker who possesses your email address and other personal information could craft a convincing-looking phishing email to try to trick you into giving up other information or to click on malicious links.
Passwords are also a concern. While accounts for the Steam service itself are believed by Valve to be secure, Newell did say that users with accounts for the discussion forums will be required to change them. More importantly, people who use the same password for multiple services are at risk for breaches of their other accounts; if a hacker has your email address and the password you used for the Steam forums, he or she is likely to try that combination on various popular services and hope to get lucky.
"If you're a forum user and use that same password elsewhere, you're highly likely to have those
accounts broken into," explains Chester Wisniewski of security firm Sophos.
What makes this particular breach notable though, aside from the sheer number of affected users, is that it's just the latest in a long string of attacks involving companies that serve gamers. The most significant, of course, was the
massive breach of the PlayStation network
that compromised the personal data of more than 100 million users. Meanwhile, similar attacks have been carried out this year against Japanese game companies Sega and Square Enix, as well as a
that thankfully did not result in any customer data being stolen.
So what gives? Are video game companies worse than the rest of the business world at securing their customers' data?
Wisniewski says this probably isn't the case, noting that poor data security is a universal problem and that it's more likely that the high-profile nature of gaming companies simply makes it a bigger story when they are attacked. He does, however, say that the Steam attack bears some hallmarks of a more amateur attack, suggesting that this may have simply been the work of someone who already uses the service and decided to mess around.
"If this was Russian hackers trying to steal credit card numbers, they wouldn't have touched the forums," he says, referring to the fact that the breach was preceded by the forums being defaced last weekend. "I think it's an amateur hacker."
Once again, then, it's a good news/bad news situation. The good news is that you don't need to worry about a video game company's data security any more than you need to worry about any business's data security. The bad news is that the current state of data security means you're at risk any time you hand over personal data to a business, whether it's a game publisher or a clothing retailer.
The lesson, then, is to be circumspect about who you give your data to, and keep those passwords secure.
>To submit a news tip, email:
Follow TheStreet.com on
and become a fan on