If you have accessed your Steam account since November 10, 2011 you know that we had a network intrusion. We learned about this intrusion when the Steam forums were defaced on November 6. Since then our investigation of this intrusion has continued with the help of outside security experts. We now have additional information we would like to share with you. We are providing this information to you in this formal way because it might be required by your state's law.
We've recently learned that it is probable that in 2009 the intruders obtained a copy of a database with information about Steam transactions between 2004 and 2008. This database contained user names, email addresses, encrypted billing addresses and encrypted credit card information. We do not have any evidence that the encryption on credit card numbers and billing addresses has been compromised. We are still investigating and working with the Seattle FBI office.
We don't have evidence of credit card misuse. Nonetheless, you should watch your credit card activity and statements closely.