Steam Blows A Gasket As Random Account Security Issues Expose Private User Data
If were experiencing random weirdness and seeing other player's personal information when you log into Valve's Steam online gaming service today, you're not alone and no, you don't have to worry about some sort of holiday zombie attack on your account. It does appear the Steam
platform was having serious issues, however. Earlier today, several users of the platform reported seeing other gamer's profile information when logging into the service. Several users have reported seeing other people's private data including email addresses, purchase history and partial credit card information. Though credit card information is typically encrypted, except the last few digits of a number, seeing another gamer's details when you log in, instead of your own, is obviously alarming. Earlier this week, we reported that rogue script kiddie/hacker group SkidNP was threatening to take down both Steam
and Minecraft server for the Christmas holiday. Could this have been the work of the skiddies at SkidNP?
Apparently and thankfully, that's likely not the case.
SteamDB offered up a tweet
today suggesting that Valve's Steam servers were having "caching issues," and that gamers should not use the Steam Store right now. If it is really a caching issue, then it's a pretty serious security issue as well. And though the anomaly could easily be explained as such, it seems that Valve may
be caching certain sensitive data, with less than best practices somewhere in the pipeline. That said, to speculate about what's going on at this point is probably not worth too many cycles of your bandwidth,
Valve did post up a notice on the Steam Community boards that in fact they were not "hacked" per se, and the good news is, the problem seems to have been resolved.
Account information incorrect
We've gotten reports that people sometimes see other people's account information on the account page. Valve has been made aware of this and are working on a fix.
Some frequently asked questions:
- No, Steam is not hacked
- Creditcard info and phone numbers are, as required by law, censored and not visible to users
25 Dec 2015, 23:16 GMT: The issue now appears to have been resolved, and the Steam Store is back online.
Still no word from Valve
on exactly what happened, other than they fixed it. Regardless, it's none too comforting to know your personal email and other data may have been leaked to other users. Though full credit card information was not exposed and users have reported they couldn't use the accounts they were shown to make purchases, personal information was still made publicly available.