Over the past decade, Steam has become the largest gaming platform software for both PC and Macintosh computers (even partially for the PS3). If you still don't know of the software, it essentially provides the computer gaming community with the largest digital distribution, digital rights management, multiplayer and social-media platform to date. When you purchase a game through Steam, you literally hold access to a 100% fully downloadable copy of it on any PC you want with a user account to access it. It's revolutionized the gaming industry in many ways, and now with the increased user traffic and publicity come the inevitable hackers with unknown intentions.
On November 11, 2011, Steam's main user information servers were hacked by unknown intruders who gained access to an encrypted database of personal information including passwords and credit card info. Valve officially confirmed this security breach yesterday afternoon to all users of the platform and forums. The forum accounts were the main focus of concern, with Valve requiring password changes for users, but they are still assessing the potential damage to Steam users outside of the forums as well. Basically, they are unsure at the moment of how much was actually stolen or if the encrypted information could be cracked open.
How to better protect your accounts from these attacks.
The goal is to avoid being the low-hanging fruit that actually gets picked. When a massive user database of random low-target (non-celebrity) people is compromised, the most secure accounts will be tossed aside.
1. Change your passwords for both Steam and their forums ASAP. They have a password strength assessment tool when you create a new password, and I suggest you make one that fills the entire strength rating. Be sure to use random text (upper and lower case), numbers, and special characters.
2. Don't store credit cards on servers in the first place. If you currently have one stored on Steam, go ahead and remove it by going to your "Account History" and removing all stored cards (on the right). Those who didn't store their numbers on the server should technically be safer.
3. Set your accounts to private or friends-only. Many web search tools such as Google are notorious for being so powerful that they can also exploit sensitive data from "publicly shared" accounts. This is especially true with things like "cached websites" in the search. Unless you're absolutely sure the information is intended to be public, don't make it public.
4. Use the authentication tools. Steam has something called Steam Guard that requires users to confirm account access with uniquely generated codes sent to their email each time they want to sign into Steam from a different computer. This seriously reduces the chances of unauthorized access unless the attacker also has access to your email account (which should also have a difficult password).
5. Don't share the email account used to manage other accounts. For instance, with Facebook, it's best not to share the email you use to manage your Facebook account. Hackers can easily target the emails a user shares as a first step to gaining access to their passwords for other applications associated with the email. If you really want to be safe, create a separate confidential email with a really difficult password, used only to manage your user accounts. Also change its password every couple of months.