In November, Valve admitted that one of the databases for its Steam PC game download service had been the victim of a cyber attack. At the time Valve CEO Gabe Newell said that the database included information like "user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."
Today Newell posted up word on Steam's web site that the cyber attack was still under investigation and that probe had discovered a possible new part of the original attack:
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
Newell added there was no evidence that the credit card information had been compromised but still advised Steam users to keep an eye out on their credit card statements. He also said that Valve and law enforcement authorities were still investigating the cyber attack.
Valve recently announced that Steam now has 40 million registered users and that it had reached a peak at one point of 5 million concurrent users.