Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Hackers likely stole encrypted credit card data and data in an attack on gaming company Valve last November.
Attackers were originally thought to have only defaced the company's website forum but Techworld revealed hackers accessed its user database that contained details of some 35 million people including user names, billing addresses, details of game purchases and email addresses.
Valve managing director Gabe Newell said in a message to the forum community there was no evidence that encrypted credit card numbers or personally identifying information was taken.
“We are still investigating,” he said. “I am truly sorry this happened, and I apologise for the inconvenience,” Newell said.
But in an email to Steam users, Newell said it was "probable" that attackers "obtained a copy of a backup file with information about Steam transactions between 2004 and 2008”.
He said the possibility that sensitive transaction data was decrypted should not be excluded.
“The good news is that the credit card details were properly protected as required by PCI, but that's probably not good enough for rebuilding the reputation of the Steam service," SafeNet UK sales director Aydin Ucbasaran said.
He said cryptographic digital keys should be stored in an isolated hardware-based repository.
“This will not only remove the likelihood of hackers stealing the digital keys, but will also ensure the organisation maintains full control of encrypted data even if it falls into the hands of cyber criminals.”
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.