SecurityWeek

Online Gaming Company Says Hackers Obtained Unauthorized Database Access

Earlier this week, the Steam user forums, where gaming fans gather to discuss a wide range of titles from Left 4 Dead to Call of Duty in addition to the Steam platform itself, were defaced, causing some to fear the worst. On Thursday, Valve – the software company behind Steam and several popular games – confirmed those fears.

Steam is a gaming platform where gamers can buy and download more than a thousand games, from classic shooters to new releases, and play them from any computer. The Steam service is also backed by a large gaming community on the forums, and many of them use the service to chat as they play.

In a message posted to users, Valve said that the investigation into the forum defacement led them to realize that the attack was much larger.

“We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating,” the statement to the community explained.

“While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

“We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.”

The forums run vBulletin, a platform commonly targeted by attackers online. It is currently unknown if Valve uses the vBulletin publishing platform or just the forum software, but both offerings have had several security releases this year. Currently the platform is on version 4.x, while Valve is reporting 3.x on their main page.

Several of the vulnerabilities disclosed and patched on the vBulletin platform are related to XSS and SQL Injection, both of which are avenues of attack that could be used to gain access to the database in question.

In the meantime, forum access remains restricted until things are sorted out. While nowhere near the scope of the attack on Sony, Valve does have millions of accounts on the Steam service, and thousands more on the forums. If the Steam accounts were compromised as well, this could get ugly.
