Update:
Valve has acknowledged that a hacker has gained access to restricted areas of their server but the developer insists that Steam was not hacked.
Doug Lombardi, director of marketing at Valve, says, There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com.
In a recent comment MaddoxX did state that, it's not a hack on the Steam application itself; there are flaws/bugs on their servers. People with a little bit experience can create their own 'fake' but working Café certificates.
MaddoxX however, claims to have the credit card information of some of Valve's customers, information which Valve claims is not stored on its servers. So how did MaddoxX get his hands on such information? (If he did) Why has Valve taken this long to acknowledge the security breach? And more importantly, why has the company not paid attention to MaddoxX when he informed them of the possible security flaws of their system?
I did try [to] contact them several months ago. At the time, I didn't do anything harmful -- just got [a few free copies of games] but never heard anything from them, said the hacker to 1Up. I tried to warn them to fix bugs...but as usual, they don't listen. Not only did Valve employees ignore his emails warning about security flaws but they also deleted all relevant threads he tried to post on the official developer forums. They don't even warn or reply to their Café customers that private information is leaked, he says.
The hacker, going by the name of MaddoxX, gave an IRC interview to The Free Nation Foundation website, voicing some of his demands. What he claims is that Valve is deliberately attempting to mislead customers that nothing happened in order to avoid the chaos the news would bring about. According to MaddoxX, Valve is also deleting all forum threads mentioning the hack.
The full interview follows:
<^QuickSilver> Hi, MaddoxX, can I get an interview?
sure
<^QuickSilver> Thanks, so, a huge fuss is being kicked up about the recent 'hacking' of Valve, why did you do it?
I always tried to get into their systems to steal stuff from them.. just to prove their security sucks
As you can see they can't even protect their games from piracy
ofcourse no company can do
but it is way to easy with VALVe lol
makes it fun :)
<^QuickSilver> And that's what it's all about, eh?
most of it
<^QuickSilver> Are you actually going to release credit card details?
Prolly.. they ignore me.
And I don't like it when I get ignored
I gave them several chances
<^QuickSilver> True that, and they've basically attempted to cover everything up? Why do you think that is?
Prevent chaos..
<^QuickSilver> So what do you plan to get out of this?
I aint planning shit
they can't do anything
anything else?
<^QuickSilver> Well, do you want anything from Valve?
Just a message on their site that there has been a hack onto their site.
Informing the users
<^QuickSilver> Okay, I think that's it
<^QuickSilver> Thanks for your time.
np