Valve head Gabe Newell sent a mass email to Steam and Steam Forum users today, providing an update as to investigations into last year's incident that saw forums defaced and the Steam database potentially breached by hackers. While there's still “no evidence” that hackers obtained user data from within the database, Newell warns the company's “learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008.”
“This backup file,” says Gabe, “contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.” While there's still no evidence that credit card data or billing addresses have been compromised, the email urges Steam users to continue monitoring credit card accounts and receipts, as well as ensuring Steam Guard is active.
Newell says the investigation continues, and not to worry if you receive a more official-looking cautionary notice in the days to come: some states require formal notification of these types of investigations, whereas others are happy for a guy to just send a mass-email around.