Pay close attention, Sony. This is how the professionals handle security breaches.

Last November, the Valve Steam forums were broken into after a security breach.  The user interface of the forum had been defaced, and the forums were taken off offline after it was discovered that a Steam user database had been accessed by the hackers. In response Valve forced all forum users to immediately change their Steam Forum passwords. Valve managing director Gabe Newell apologized to Steam users for the security violation. Valve announced that it would launch an investigation into the intrusion.

Three months later, Newell announced that Valve has made progress with the investigation. It appears that the hacker or hackers have stolen a file that contained information regarding Steam transactions which took place between 2004 and 2008.

Thankfully, it would appear that credit card, billing address and other financial information had been encrypted in the stolen file. Unfortunately, usernames and associated email addresses were not encrypted, and could have been freely accessed by the hackers. Newell has stated that it does not appear that the financial information encryption was broken, but it obviously remains a possibility.

Gabe Newell, Valve CEO Applauded For Transparency Throughout Scandal

The silver lining? If we consider that the most recent stolen information dates back to 2008, even newly minted credit cards used for those purchases are close to the expiry date. It’s unlikely to be any consolation to those who were affected by the incident however. In the case that you still have a credit card used for a 2008 Steam purchase, you should change your password and monitor your transactions carefully.

Over the weekend, Valve suffered a massive power outage in their data center, knocking out Steam services for over an hour. The outage is apparently unrelated to the hacking incidents.

What can we all learn from Valve’s misfortunes? Be careful with your credit card information online, for starters. But maybe Sony could learn a thing or two from Valve. The Playstation Network outage in early 2011 allegedly cost Sony over $170 million, with users and groups alleging that Sony had delayed in announcing the security violation. Sony endured much criticism for the way they handled the incident, and the 2011 Playstation Network breach remains one of the largest data theft incidents in history.

Perhaps Sony would have been criticized much less if they had handled the incident in a way similar to Valve’s approach. At the time of writing, many Steam users were praising Valve for being open about the security violations, although others are obviously annoyed at the inconveniences the breach may have caused.

The best policy for big gaming companies? The next time someone breaks into your computer system and steals your customers’ personal information, you should probably let them now in a timely manner.