It appears that Valve's questionable security procedures are to blame, since the firm used MD5 hashing and a salt. In layman's terms, it's a quick and simple method of hiding data, but not one that should be used to store people's private information. As this StackExchange thread from 2014 explains, a sufficiently-motivated hacker with decent hardware would be able to crack "the hashes of all possible 8-character passwords for a given salt in mere hours." That's why around 80 percent of the forum's database was converted to plain text so easily.

We've reached out to Valve for any comment on the situation, but don't expect to hear back from the notoriously-private company. In the meantime, it's best to make sure that none of your passwords are shared with any other sites or services and keep your eye on Have I Been Pwned.