Valve Corp., the company that provides the popular PC game platform Steam, disclosed Thursday that it suffered a data breach this month.
The compromised database held account names, email addresses, billing addresses, encrypted credit card information and game purchases, Wired.com's GameLife blog reported Thursday. The hackers may also have obtained hashed and salted passwords, which are secure values used in authenticating user accounts. The exposure took place Nov. 6.
The Steam service is a digital storefront for Windows and Mac games. A user's Steam password can provide access to every game purchased on that account; even if the hackers do not have access to a user's payment data, a thief could sell the account itself based on the value of the games.
Valve, which is based in Seattle, stressed that it has not observed evidence that users' card details have been misused, though it advised them to monitor their bank statements.
Valve initially believed that only its online forums, and not its game accounts, were affected, the GameLife article said. It discovered in its investigation that its user information database was also accessible to the hackers.
Valve will not require Steam users to change their account passwords, though it suggests that they should, the article said.
Gawker Media's game blog Kotaku notes that although Steam's 35 million users are less than half the population that was affected by the Sony Corp. PlayStation Network breach disclosed in April, a higher concentration of users likely had credit or debit cards linked to their accounts. Just 12 million cards were affected in the Sony breach, though the PlayStation Network had about 77 million users at the time.