Valve has now admitted that a cyber attack on the Steam message board forums, which first happened late on Sunday but which was first reported on Monday, extended beyond the forums to Steam's user account database. In an IM sent to Steam's users, Valve CEO Gabe Newell stated, "This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information."
Newell said that at the moment there is no evidence that the credit card numbers were actually taken by the unknown cyber attackers, nor is there any indication that Steam user passwords or their credit card numbers have been cracked by whoever is responsible. He added, "Nonetheless you should watch your credit card activity and statements closely."
Newell said that a few Steam forum accounts have been compromised and that the forums, when they come back online, will require users to put in a new password before accessing them again. There's no word on when the forums will be back up. Newell said that even though there's no suspicious activity that has been discovered with Steam user accounts (which has a separate password system from the Steam forums) he added," .... it wouldn't be a bad idea to change that as well, especially if it is the same as your Steam forum account password."
Newell added at the end of the IM, "I am truly sorry this happened, and I apologize for the inconvenience."
Obviously this is a huge blow to both Valve specifically and to the PC digital game industry in general. Since launching in 2004, Steam has become the number one destination for downloads of PC games and has been credited with saving the industry as a whole. Hopefully this is just a blip for Valve rather that a huge setback for the company.