Update: Valve has acknowledged that a hacker has gained access to restricted areas of their server but the developer insists that Steam was not hacked.
Doug Lombardi, director of marketing at Valve, says, There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com.
In a recent comment MaddoxX did state that, it's not a hack on the Steam application itself; there are flaws/bugs on their servers. People with a little bit experience can create their own 'fake' but working Café certificates.
MaddoxX however, claims to have the credit card information of some of Valve's customers, information which Valve claims is not stored on its servers. So how did MaddoxX get his hands on such information? (If he did) Why has Valve taken this long to acknowledge the security breach? And more importantly, why has the company not paid attention to MaddoxX when he informed them of the possible security flaws of their system?
I did try [to] contact them several months ago. At the time, I didn't do anything harmful -- just got [a few free copies of games] but never heard anything from them, said the hacker to 1Up. I tried to warn them to fix bugs...but as usual, they don't listen. Not only did Valve employees ignore his emails warning about security flaws but they also deleted all relevant threads he tried to post on the official developer forums. They don't even warn or reply to their Café customers that private information is leaked, he says.
