First off, I know the so called "hacker"s. They're a bunch of kids that write off CS:S cheat packs (aimbots etc.) that get you VAC banned. The only thing they clearly got into is SPUF. Probably via an exploit. The forum, not Steam. No one has far managed to get into Steam itself, let alone these kids.
As for buying the game again, you don't have to use your CC. You can just buy it off the store and use the key. I'm not concerned about any of this. Even the way Gabe's message is written is cheesy. Like how he's "hacked and truly sorry" about it.
Oh please. It doesn't matter who hacked the forum and whatever other database they managed to get in to. If they got to the CC information, which Valve said they could at least see (note, see, not download), Valve screwed up as far as security goes. That seems like a poor security design on their part if it was tied in any way to the forum or steam profile database directly.
As far as knowing who did it, prove it. Because their advertisement was on the forums? That doesn't mean anything. Some one else could have done it to draw attention to those people as a distraction. You don't know what happened, nor who hacked their database or what they really had access to. Unless, of course, you personally know these hackers? In which case I hope some one comes to question you soon.
I'm not concerned about them getting into "steam", however I think you need to define that term if you're going to continue to use it. The fact is none of us really has any idea how their network is laid out, for all we know they merged the tables containing the forum user data with the account data for some kind of "convenience". We don't know. It seems to me the CC/billing information should be on an internal server that is accessed only when purchasing a game or adding another payment method, and is only accessed through the/an internal steam server acting as a layer to separate the CC information from being directly accessible to the internet (Not some web application tied to a forum created by a third party). Until we know how it's laid out and what layers were broken into, we can't say they didn't get access to it. And to say otherwise is just foolish and and flies in the face of any good consumer security practice. You should be cautious, always. If it turns out to be some false alarm, great, some kids hacked the forum and I don't care. Otherwise, some one at Valve should have their butt on the line for dropping the ball. These companies shouldn't be lacking in security, anywhere.
As for what the CEO says, I have no reason to believe you over him. If he says the encrypted CC information was exposed, why do I have any reason not to believe him? All this does it make negative hype for steam and create a deterrent for using it. Furthermore he didn't say sorry to us because he was hacked, he said sorry because HIS COMPANY (according to his own letter) caused our CC information to be exposed to an unauthorized third party. He was saying sorry to the community for the company failing to do part of it's job, keeping our information secure.
No, you don't have to use a CC to buy a game off of steam. That's not what you said, though. If I went to the store and bought a CD key it kind of defeats your theory of "They are hyping it so valve gets more money from people buying all their games again". Furthermore, I can't think of anyone who would purchase all of their stuff again from a company who screwed up. Seriously, that's some backwards logic. "Oh, their insecure and won't help me get my account back? Sure! I'll buy all my stuff off of your service again" - totally.
I don't think there would be very many who would do this.
