Laut Gabe Newell hatten Hacker im November 2011 Zugriff auf Backup-Dateien, die sensible persönliche Informationen enthielten. Im vergangenen November haben Hacker über die Forensoftware die beliebte Online-Plattform Steam angegriffen. Valve-Chef Gabe Newell machte den Angriff schnell bekannt und versprach Aufklärung. An diesem Wochenende hat sich Newell erneut an die Steam-Nutzer gewandt.
Demnach habe Valve mit Hilfe von externen Sicherheitsexperten feststellen können, dass die Angreifer vermutlich Zugriff auf Backup-Dateien aus den Jahren 2004-2008 hatten. Diese Dateien enthalten Benutzernamen, E-Mail-Adressen, verschlüsselte Rechnungsadressen und verschlüsselte Kreditkarteninformationen. Passwörter sind nicht enthalten.
Es ist nicht klar, ob die Angreifer die Verschlüsselung der Adress- und Kreditkarten knacken konnten. Laut Newell gäbe es dafür »keine Beweise«. Sicherheitshalber erinnert er jedoch Nutzer von Steam daran Kreditkartenabrechnungen im Auge zu behalten und Steam Guard zu nutzen.
Hier die komplette Nachricht im Original:
Dear Steam Users and Steam Forum Users:
We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.
Gabe
Demnach habe Valve mit Hilfe von externen Sicherheitsexperten feststellen können, dass die Angreifer vermutlich Zugriff auf Backup-Dateien aus den Jahren 2004-2008 hatten. Diese Dateien enthalten Benutzernamen, E-Mail-Adressen, verschlüsselte Rechnungsadressen und verschlüsselte Kreditkarteninformationen. Passwörter sind nicht enthalten.
Es ist nicht klar, ob die Angreifer die Verschlüsselung der Adress- und Kreditkarten knacken konnten. Laut Newell gäbe es dafür »keine Beweise«. Sicherheitshalber erinnert er jedoch Nutzer von Steam daran Kreditkartenabrechnungen im Auge zu behalten und Steam Guard zu nutzen.
Hier die komplette Nachricht im Original:
Dear Steam Users and Steam Forum Users:
We continue our investigation of last year's intrusion with the help of outside security experts. In my last note about this, I described how intruders had accessed our Steam database but we found no evidence that the intruders took information from that database. That is still the case.
Recently we learned that it is probable that the intruders obtained a copy of a backup file with information about Steam transactions between 2004 and 2008. This backup file contained user names, email addresses, encrypted billing addresses and encrypted credit card information. It did not include Steam passwords.
We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. However as I said in November it's a good idea to watch your credit card activity and statements. And of course keeping Steam Guard on is a good idea as well.
We are still investigating and working with law enforcement authorities. Some state laws require a more formal notice of this incident so some of you will get that notice, but we wanted to update everyone with this new information now.
Gabe