[TwoBit]

Valve didn't use password hash salting? That seems borderline ridiculous. Pretty much the only way he could have broken the hashes is if this is so.

Valve's use of SourceSafe at the time is another black mark, though not related to the security breach.

[atmosx]

The only take-away here is that it's better to pay for a third party to secure your network, or a have a small team (2-3 guys) doing the administration/security-audit properly. I can't blame developers for not being security experts.

Developers != System Administrators != Security Experts

ps. The most important part however, are the developers, without them the other two groups wouldn't exist. :-)