Turns out that the Steam forums hack on Sunday was deeper than just some forum accounts. Fortunately, it looks like sensitive information like passwords and credit card information was encrypted in such a way that it most likely will not be an issue for most users. If you have a Steam account, be a little more observant on your credit card charges, but there shouldn’t be a need to act further.
Still, it goes to show that any online service company, no matter how well run, is at risk from malicious attacks. Make sure your passwords are strong.
From Gabe Newell’s letter:
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.
We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.