Ah thanks I can stop worrying now.

unless of course they also got the codes to decrypt it.

Why even bother posting this on gog? Anyone who uses steam on a regular basis will see it for themselves, and way to try and make it sound much worse than it is in the title

"We do not have any evidence that the encrypted credit card numbers or billing addresses have been compromised. "

HAH! If they can find my old credit card I'll give them money!

Not that there's any on there anyway.

Because some of us only use Steam to play the games, and not read the newspaper.

Seems like we got ourselves (*sunglasses*) a Steam leak.

Bada-bish.

That is completely untrue. I use Steam on a regular basis and I would not know if not for this thread (unless someone else made a similar one).

Same here, thanks to the OP for bringing it up!

Well, I joined Steam in 2009 and didn't buy anything until chrismas that year. And my current cc is from last year and the old has been cancelled.

I'm "triple safe". Nice feeling

We know. It's all encrypted. It's safe.

That's what they said about Skynet!

... or will they about Skynet... or will have said about Skynet...

That's incredibly unlikely. The decryption keys will be on a separate server, unless Valve are idiots and each card will have a unique key.

Additionally, the card numbers will be salted; random shit will be thrown in there so the encryption algorithm won't even look like regular stuff. It will still take you a century or so to sift all the salt out.

Seriously. The sun will roast the Earth before anybody gets your credit card numbers from this file.

unless of course they also got the codes to decrypt it. ;-)

But yes, that's unlikely. There are certain very strict standards that you must meet before you are legally allowed to store credit card details - the intention being that the information is safe even if your security is breached and files stolen. When Sony was sued a while ago after being hacked, it was over falsifying these precautions and not actually over the fact that they were hacked. Valve would be pretty stupid to make the same mistake.

One, they were encrypted, if they were properly encrypted than nothing is compromised, that's the point of encryption. Two, most banks don't change your number when they issue a new card, they simply change the expiration date forward by two years, which is easy to guess. Basically if they can decrypt it and the account is still active they essentially have the information to use it.

My current cards expire in a couple months anyway, and my bank is one of those that issue new numbers. And I've got three different ID theft services working for me. I think I'm good.

When I received my latest cc all but the first 4 numbers were different. I think the personal information could lead to more trouble. I shudder when I think that someone can rifle through my "electronic trash." Contacts, unencrypted emails etc can lead to all sorts of mayhem.

I guess this is what happens when Gabe Newell challenges people to break his security. Hopefully the hackers are satisfied that they beat his system and that it ends there; that further criminal actions are not forth coming.