There was no financial loss. The surrounding press attention may have even helped sales. I still remember the news at the time a decade later. The real cost is the ordeal he put the people at Valve through.

I also think that Valve used him a bit as convenient scapegoat to explain why the release of the game was pushed back another year.

Probably. Background: Half-Life 2 was contending with Duke Nukem Forever for the greatest vaporware title ever, when Valve released gameplay footage and a definite release date. The half-done state of leaked game and the subsequent one year delay caused people to think it might never ship.

Of course, when the game finally came out to rave reviews, all was forgiven.

Good point. I'm sure those were stressful times to be at Valve

Well first of all, the game appeared to be playable, so there's the piracy aspect.

The Source engine is also licensed to other games. If the code is public, other engines could copy their features.

Also it is very annoying to re-secure all your computers after you have been breached. Every single person has to change their password and you don't know what backdoors the guy has installed without a full wipe sometimes.

The game was not really that playable - you could boot up isolated levels, but it was completely unfinished. Huge chunks were missing. There's no way it would make a suitable replacement for the game that would be released much later.

Playable???? Not even close :/ It barely worked from what I can remember (I was very young at the time). It certainly made me even more excited for HL2's release though.

The piracy aspect is bogus, most games are cracked within days of release anyway.

Like other commenters said, they used him as a scapegoat; he did zero damage except make poor ol' Gabe worry.

Obviously they should've spent the time to secure their network before hand!

Also, can't say I buy the hypothetical piracy cost. Does anyone have any examples of other engines copying Source features from the source code?

I reject the argument that Valve had it coming since they didn't take the time to secure their network beforehand. There are almost always going to be holes in the security of any system, especially digital ones (since they have a larger surface area to consider), so blaming the victim of a break-in implies that everyone should just resign themselves to being hacked sooner or later. Valve surely made at least some efforts to secure their systems, but even if they did not, that would not justify the morality/ethicality of entering their servers without permission.

> I reject the argument that Valve had it coming since they didn't take the time to secure their network beforehand.

I think the suggestion was that the time taken to secure their networks shouldn't be counted as "damages", just something that needed to be done regardless.

Scrubing all the machines for new backdoors isn't something that needed to be done beforehand.

I reject that I said they had it coming.

My point is that re-securing their network does not seems like a financial damage to me. If they had known about their vulnerability beforehand, I'm sure they would've spent the time and money to fix it then.

Plus it's something they needed to do anyway.

The Half-Life 2 source would have been an incredible learning tool for anyone interested in engine design at the time. That knowledge is their competitive advantage.

This I can start to understand/buy. Good point

Valve claimed it to be $250 million. German police made fun of that figure, they believed someone added a few too many zeres.

Securing their network properly after that probably costed them some money they wouldn't bother to spend otherwise.

Can't say I'm convinced. They probably wish they'd spent that money securing their network before this happened...

Also, who else had access to their network? This kid getting caught may have saved Valve from other breaches...

The game was delayed a year because of the hack.

It said it was delayed by a year before the hack.

In what way? How could that make sense?

Why would the leak cause major portions of the engine to need to be rewritten?

Seems more likely that it was a convenient excuse.

it was used as an excuse, the real reason is that Valve is REALLY slow at developing games.

I wouldn't say they're slow. You wouldn't believe the rate they're adding features to Dota 2, for example. I believe that they're actually quite a small crew with very ambitious projects, and they tend to move around a lot.

Major parts needed rewrite to not make it so easy to develop cheats for the game.

If the hackers would have the source, they would not even need to reverse engineer the engine to build their aimbots/wallhacks.

That does make zero sense.

It was a fear years ago when Quake was open sourced [1]. In Valve's case, the programmers probably had to audit all the source code in order to reduce possible exploits.

[1] http://www.bluesnews.com/cgi-bin/finger.pl?id=1&time=1999122...

I don't know. Ask gaben.

The bigger issue was that (IIRC) the source for Steam, which wasn't yet launched, was also leaked.