Video Games

Steam gets me sheepish

Naturally, immediately after I gave up on them (and after they changed my unanswered support ticket to “Resolved” for the fourth time) Steam finally replied to me. It took them nearly 60 hours but they replied. Their first reply was less than impressive:


Thank you for contacting Steam Support.

There has been no security breach of Steam.
Please refer to the following Forum post for more information.

We apologize for any inconvenience this may have caused.

There might be helpful information in this announcement, but I won’t know for another 6 days. Here’s my reply to them:

As you’ll note from my prior description and convenient screenshot, I’ve been banned from the forums. Thus this link does not help me.

2 hours later they replied again:

Hello Brian,

I apologize but I will be unable to lift the ban for your forum account.

There has been no security breach of Steam. The alleged hacker gained access to a third party site that Valve uses to manage the commercial partners in its cyber cafe program. This cyber cafe billing system is not connected to Steam.

We are working with law enforcement agencies on this matter, and encourage anyone with more information to email us at

I’d used the forums for the first time yesterday to simply acquire the information Valve finally provided me in this support ticket update, over 60 hours after my initial question. The words of my infuriatingly rational girlfriend, and of one of my readers, Mick, rang in my ears as I pondered what to write in reply:

Thank you for the clarification. That’s all I ever wanted.

I don’t know whether my support tickets were flagged “Resolved” by some automated means. If this was the case then I apologize for my impatience. This is the first time, to my knowledge, that the risk of identity theft has affected me.

Regardless, I hope Valve will consider making a public statement much sooner the next time something like this happens.

Thank you for your assistance. Perhaps I can trust Steam again in the future.

So in the end I’m torn. It’s too soon to make up my mind, I figure, on whether Steam is trustworthy. Their support certainly leaves much to be desired. Time will tell whether their credit card databases were breached. Until then I’ll continue keeping an eye on my account.

Was I justified in my anger? I think I was, but I’m my own worst influence so I can’t really trust my own opinion.

Is Steam trustworthy? Maybe. Probably. It’s a unique service with a very limited catalogue of games, but the games they feature are difficult to obtain by other means. I think I still trust Steam more than, say eBay, but that ain’t saying much. Am I a hypocrite if I continue buying from them? Do I need to concern myself with that?

Regardless, I’m a little relieved to hear Steam proclaim there was no security breach. I don’t entirely believe them at this point but my currently unmolested credit card account corroborates their story as of now.

More on this in the future, perhaps. Finally I agree, for the first of 5 times, that my support ticket is resolved.

By brian

About Brian Damage:

Who is Brian really?
I live in Toronto, Canada, and work for an IT firm. That's about as much real-world info I'm comfortable divulging here. What you read on my blog is the real Brian, but, for the sake of freedom of speech, I feel most comfortable leaving a gulf between my cyberspace and meatspace personae.

Who is Brian at work?
My ridiculous job title is "Marketing Specialist" since I wear so many hats at work. I'm a technical writer, a specialist in enterprise search technologies, an electronic forms designer, a newsletter author, system administrator... but I'm in the Marketing department so for the time being I'm stuck with this inauspicious title.

Who is Brian at play?

Who is Brian

3 replies on “Steam gets me sheepish”

well, that’s good to hear,
see, got yourself all worked up for nothing :)
but yeah, like i said, i have such peace of mind when making online purchases because I only ever use a (visa) “multi-access” debit card , which is linked to two of my bank accounts, one of which functions as a credit/debit card, (the other is my regular check/savings account) which for most of the time, I leave a balance of $0 in – that means $0 can be taken out.
then the only when *i* am the one making a purchase, i simply log into my bank and “top up” the debit account by transferring (instantly) only the necessary amount from my main account.
I have a schedule for regular monthly things like phone bills & internet etc. so the money is only ever in there briefly.
so I never need worry about someone knowing my card details because they will just get a “declined” if they try to do something silly ^_^ hehehe

Thanks for the sound advice. I like this concept. I’m going to investigate whether there are any fees coupled with this concept and will probably go for it. Sounds like precisely the thing I need.

But was I really worked up over nothing? I see Valve’s reluctance to make a public statement as a means of disassociating themselves with any bad press. This might be okay if people’s private billing information wasn’t at stake. A company as high-profile as Valve is probably going to get hacked a few times. They should have been more prepared for the investigation and especially the flood of scared customers clamouring to know whether their very identities are at risk. I just see this fiasco as an opportunity for Valve to show the world how they handle customer support issues. This was a freebie for Valve because all people wanted was assurance that they are aware of the issue and are actively engaged in it. This is customer service 101 here – an automated telephone message tells you this when your call is put on hold – but Valve couldn’t be bothered. Valve failed.

I’m relieved that there turned out to be no danger to me personally, but it sounds like (as it is STILL unconfirmed by Valve) there was a weak link in the chain that allowed this malicious individual to obtain records about cyber cafes. Why is Valve neglecting security in some aspects of its billing systems? Cyber Cafes are Valve’s regular source of income – their bulk purchasers. I saw in a leaked screenshot that a little cafe in my province was cut off for having a delinquent account. That’s probably enough information for me to call them up, posing as Valve, and have them write me a cheque.

Anyway, bad taste in my mouth overall. Unimpressive disaster planning procedures at Valve. That’s not a quality I admire in any retailer.

Comments are closed.