Steam Christmas day error that revealed users' account details was due to caching issue, says Valve

[midian182]

Christmas day wasn’t the happiest of occasions for Valve. Many users around the world, including me, reported that the store’s homepage was displaying a language other than their own (mine was in Russian). More seriously, the ‘account info’ section of the site was showing information from other users, including email address, purchase history, and how much they had in their Steam wallet.

After certain groups threatened Christmas day attacks on various gaming networks and servers, including Steam, many users believed that this was a hack. As you would expect, a lot of Steam account holders attempted to unlink their Paypal accounts and remove any stored credit card information, although this was something that the Steam Database – an unofficial Steam tracking service – didn’t recommend.

Do NOT attempt to unlink PayPal, remove your credit card details or anything else. Doing so will put you at risk instead.

— Steam Database (@SteamDB) December 25, 2015

Valve shut down the Steam store for around an hour while it dealt with the issue. Once it came back online, everything appeared to be fixed, although there was still no word from Valve regarding what happened.

Eventually, Valve sent out a statement. It turns out, just as the Steam Database had theorized, that the problem wasn’t a hack or DDos attack, but was instead related to a caching issue.

"Steam is back up and running without any known issues," said Doug Lombardi, Valve's director of marketing. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour.

"This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."

The company also stressed that credit card information and phone numbers were "censored and not visible to users, as required by law." Despite Valve’s words of assurance, the incident is already being called ‘the Steam Winter Fail.’ In light of the large number of data breaches that have occurred recently, as well as the hacking threats aimed at Steam, you have to wonder why the company took so long to release a statement.

Permalink to story.

https://www.techspot.com/news/63262-steam-christmas-day-error-revealed-users-account-details.html

 

[Kibaruk]

It doesn't matter how "censored" the credit card is, with the last 4 digits and an email address you can wreak all tipe of havoc on a person that uses that email or something you can easily get with that information.

 

[Adhmuz]

I've had quite a few "scammer" accounts try to add me as a friend since the problem occurred, I've been blocking, ignoring and reporting these accounts to steam. Not much else you can do but hope valve is telling the truth about account credentials like credit card information and phone number.

 

[Uncle Al]

I've had quite a few "scammer" accounts try to add me as a friend since the problem occurred, I've been blocking, ignoring and reporting these accounts to steam. Not much else you can do but hope valve is telling the truth about account credentials like credit card information and phone number.

Ditto!!!

 

[RustyTech]

I haven't even logged into steam for some time. I guess I'll have to check it out and see what kind of requests I've received.
...and here is another reason I don't link my card info; I just buy the prepaid cards.

 

[Lionvibez]

This is the reason I have set steam to forget my credit card info for every purchase so I always have to type in the details when making a purchase.