Valve have just informed Steam users that their database has been compromised.
Here’s an excerpt of an IM sent to all users, from head Gabe Newell:
Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.
I am truly sorry this happened, and I apologize for the inconvenience.
Might be a good idea to go on a password-changing binge, people. And keep an eye on your credit card statement for a bit, too.