All I wanted is to point out that having ecrypted data does not guarantee its security. Nowadays computers and especialy computer clouds offer huge computational power wich makes data encryption wich has been considered perfectly safe a few years ago, not so safe anymore. If we are hones no data encryption is perfectly safe.

But now I'll point out another thing that might result in ever bigger discusion.

What if hackers don't have to do any data decryption afterall?
Various articles about Steam hack only says that data from the user accounts database was stollen, but no article wich I read doesn't says how that was done. If hackers managed to copy database data as copying database file-s then they will definitly need to decrypt the data before using it. But what if they managed to copy database data by interfaceing to the database itself fooling it that they are some steam web application? This way they might have managed to retrive already decrypted data as usualy data encryption is done with database engine itself.

If we take into account that steam system isn't run just on one server it means that the database itself had to be globally available. This means that hacker had ability to imposter as being one of those servers and accesing a database this way. Offcourse they needed to have proper database login creditentials to gain acces to the database data, but since it isn't very likly that database creditentials are being periodicaly changed they had lot's of time in trying it out (trying a few hundreds of password one day, a few hundreds next day, and so on). All that they had to do is keep number of login trials (guesing of passwords) low enough for not trigering anny alarms and that is all.