It’s been a bad ten months for online gamers who value their credit cards. First, last April, came news of a huge data breach at Sony, which exposed up to 77 million people to identity theft and credit card fraud. Then, in November, online game distributor Valve announced that its popular Steam service had been infiltrated by hackers. At the time, Valve said the hackers didn’t get any information from its database.
But the Valve/Steam breach may wind up affecting consumers anyway. In a recent statement to users, Valve CEO Gabe Newell announced that the hackers did manage to steal a backup file containing user names, email addresses and encrypted credit card data and encrypted billing addresses for Steam transactions between 2004 and 2008.
“We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised,” Newell says in a press release. “However as I said in November it’s a good idea to watch your credit card activity and statements.”
The announcement did not mention how many users were affected, or how many transactions were accessed. The number is likely to be in the millions, since Valve is by far the dominant player in online game distribution, according to Brad Wardell, CEO of Stardock, a competing company. Valve did not respond to a phone call or email seeking additional information.
In his statement, Newell says the data breach is still being investigated. Valve will mail formal notifications of the breach to customers in states where it’s required to do so, Newell says.