Valve’s Steampowered Servers said to have been hacked

It seems that hackers have intruded into Web servers provided by Valve Software, manufacturer of products such as Counter Strike und Half Life, and have spied out thousands of credit card numbers. According to reports in media and from customers, Valve has tried to hold back information instead of informing affected customers about the problem. There have been several alleged attempts to delete discussion threads in forums on steampowered.com that deal with this incident and users have been requested to stop posting articles and contributions about it. So far, Valve has not published an official statement. A request by heise online has not been answered yet.

A hacker with the nickname MaddoX claims to have spied out the credit card data of cybercafé owners using "Valve's cybercaf". Only customers of the program can offer games by Vale in their cybercafé or gaming center. To prove his hack, MaddoX has published screenshots with customer data to demonstrate how he has gained access to the Valve platform.

MaddoX claims to have already hacked the servers in January. Valve is said to have been informed since April 8 and has obviously tried to fix the hole. However, it seems still possible to access the database. The postings by MaddoX on his hack in the independent forum No-Steam cannot be accessed any more. The archive with the "proofs" cannot be downloaded from RapidShare any more, either.

[Update]

According to reports in the US media, Valve has declared that no Steampowered servers were affected by this hack. Apparently, only a billing server within the Cyber Café Program has been affected, which is not connected to Steam. The credit card numbers disclosed are those of the cybercafé owners, not those of gamers. Meanwhile, Valve has called in police investigators to handle the case.

(mba)