Last November a hacking attempt "defaced" Steam's forums. It was suspected that the hackers may have gained access to a database including encrypted personal user information.
President Gabe Newell announced today that it is probable the hack gained a copy of a backup file containing Steam purchase information from 2004 to 2008. The backup file included user names, email addresses, encrypted billing addresses and encrypted credit card information. User passwords were not a part of the backup file.
No current evidence suggests that the encrypted credit card data has been compromised.
Valve is continuing a full investigation with law enforcement authorities regarding the hack.
Steam had its seventh consecutive year of over 100% growth in 2011. Growth was attributed to a number of high selling titles like Elder Scrolls V: Skyrim, which became the fastest selling game in Steam's history.
Read Gabe Newell's statement updating on Steam's hack in full:
Dear Steam Users and Steam Forum Users
We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.