Treat Valve’s data hack as seriously as Sony’s
The hack of video game developer Valve’s online gaming service Steam has reignited worries about data security in large online communities – as if those embers could ever be extinguished. Marketers now need to understand the underlying issues and start communicating with consumers.
Valve, whose game titles include Half-Life and Portal, announced last Thursday that it had suffered a breach of its user forums, as well as a database containing passwords and financial details. Over 35 million people use Steam.
The message left on Steam’s forum by Valve co-founder Gabe Newell did not confirm whether credit card details or passwords had been stolen, or whether the encryption protecting this data had been broken by the hackers.
He did say that the company had not yet received reports of fraudulent activity on users’ accounts, but advised subscribers to keep a careful eye on card transactions and to change passwords on any services that were the same as their Steam forum passwords. Steam users have begun posting claims of irregular financial transactions on the forums, though these are not necessarily related to the hack.
The story sounds worryingly reminiscent of the data breach suffered by another online gaming community, Sony’s PlayStation Network (PSN), earlier this year, which affected around 77 million subscribers.
Sony received widespread criticism for failing to be forthright about the reason it took PSN offline in April. It took three days before Sony acknowledged it had been hacked, and a week to confirm that data thefts had occurred. PSN remained offline for a month as a second hack was uncovered, and as Sony investigated its security infrastructure and the extent of the intrusion.
Valve does not seem to have done a great deal better in terms of providing information. Newell’s message came five days after the original hack and there have apparently been no updates over the weekend between then and now.
Yet Valve has not suffered the media and consumer backlash that Sony did. One of the main differences appears to be that the Steam service remained online, though the forums were taken down for a short time. This could be because Valve is confident its systems are no longer vulnerable, or it could be because it is simply being less cautious and wants users to believe everything is back to normal. It seems to be working, from a short-term PR point of view at least.
The other main difference is that, even though Steam is a huge community, Valve is not a publicly listed company with the diverse business interests, public profile and shareholders as Sony. That does not make it any less responsible for its customers’ data, though.
The fact is that any business holding large amounts of customer data should consider itself a hacking target, and should prepare itself accordingly. That includes having crisis management strategies that quickly identify security breaches and communicate the extent of the damage to customers.
But more importantly, all companies must ensure that their data security measures are commensurate to the threat, and that customers know exactly how safe their data is. Otherwise consumers’ growing wariness about giving up data in exchange for services could lead to a loss of trust and much more government regulation.
Do you have a data strategy you want to shout about, which has delivered impressive ROI to your business? Enter the Marketing Week Engage Awards 2012 and you could be recognised at the industry’s blue-riband event. For details of how to enter in the data-driven marketing category, and more, click here.
