Millions of Gamers Have Their Data Stolen… Again: The Steam Breach

It’s happened – again. A major gaming network has been hacked, compromising millions of users’ information.

Last night, Steam – Valve’s online gaming service – announced that its database had been breached. The database included coded passwords, billing information and encrypted credit card information. Valve is still investigating whether this sensitive data has been cracked, but is recommending to its 35 million active users to change their passwords and monitor their credit cards closely. That’s right, 35 million active users. In case you didn’t know, Steam is by far the largest PC game-distributing platform.

Does any of this sound familiar?

Back in April, Sony’s PlayStation Network suffered from a similar security meltdown. After hackers broke into the database, Sony was forced to shut down the PlayStation Network for three months. Over 100 millions users had their information corrupted and 93,000 accounts were shutdown. Sony’s estimated loss totaled above $18 million.

And then there was the Electronic Arts attack in June. Here, hackers successfully broke into the BioWare Neverwinter Nights system – gaining access to its database of emails, mailing addresses, phone numbers, and birth dates.

Outside of gaming networks, the past six months have included major security breaches for a host of online servers. For example, LastPass was also broken into in June. The attackers accessed the LastPass database, which included email addresses and salted password hashes. For those with dictionary-derived passwords – especially if those passwords were used across multiple channels – the threat of having their data cracked was high.

It’s clear: broad-based spam phishing attacks are rampant and worse, they work. Check out the timeline of recent server hacks below, and follow the Okta blog as we continue to keep you updated with the latest regarding security breaches impacting consumers and enterprise.

Securing sensitive information online is an issue that needs to be addressed. We’ve brought this statistic up before on the Okta blog, but in light of recent events, it bears repeating: 75% of all web users use the same password for everything.

Whether it’s email addresses (work and personal), online shopping accounts, banking information or other sites, the majority of consumers are making themselves vulnerable. And when consumer servers get hacked, enterprise password security also becomes a very real concern.

If the majority of people are using the same password for everything, IT administrators have to consider that employees are bringing these same passwords to web-based company apps. For enterprise, this means a couple of things. First, multifactor authentication (MFA) becomes a crucial best practice for managing a company’s web apps. Second, IT needs to be able to monitor access to these apps from a single place.

At Okt,a we believe in a cloud-first approach. We also believe that’s important to be aware of the potential risks associated with storing information online and to make sure you’re protected. For consumers, this could mean simply varying your account passwords. For enterprise, this involves making thoughtful choices in how you manage employee access to web-based apps.

TIMELINE OF RECENT SECURITY BREACHES:

• NOVEMBER 10th: Valve’s Steam server hacked.
• JUNE 24th: Electronic Arts’ BioWare server hacked.
• JUNE 20th: Sega hacked – 1.3 million users had sensitive information stolen.
• JUNE 20th: Dropbox files left open due to bug.
• MAY 16th: LastPass database stolen.
• MAY 10th: Citigroup hack exposed the data of 360,000 accounts, millions stolen.
• APRIL 27th: Sony PlayStation Network hacked.
• MARCH 30th: Epsilon (email communications manager) had the email database for 26 companies – including Citi, Walgreens and BestBuy – stolen.