Valve finally discusses Steam's 'troubled Christmas'


Here's what Valve had to say

Five days after we reported that Steam users were seeing account information that didn't belong to them, Valve has issued a public statement regarding that Christmas kerfuffle. A previous comment from a Valve representative confirmed that a caching bug was responsible for this security compromise.

A configuration error allowed 34,000 users to see the sensitive personal information that did not belong to them (including addresses, purchase histories, the last four digits of the user's Steam Guard phone number, and last two digits of their credit card). This all happened "between 11:50 PST and 13:20 PST," so if you didn't go to your account or checkout page in that time frame, your information is safe.

Valve also admits that "The Steam Store was the target of a [denial-of-service] attack which prevented the serving of store pages to users," which resulted in them deploying new caching rules. A second phase of the attack led to another set of rules, which "incorrectly cached web traffic for authenticated users." After that, some of their customers saw pages with the wrong language displayed and even other people's account pages.

Valve ends the post by saying that it will "continue to work with our web caching partner to identify affected users and to improve the process used to set caching rules going forward," and by apologizing to all of those affected by this breach. 

Update on Christmas Issues [Steam]

You are logged out. Login | Sign up



Zack Furniss
Zack Furniss   gamer profile

Liev Schrieber's little brother. Lover of horror and RPGs. Let's be best friends. more + disclosures



Filed under... #Holidays #Steam #valve



You're not expected to always agree, but do please keep cool and never make it personal. Report harassment, spam, and hate speech to our community team. Also, on the right side of a comment you can flag nasty comments anonymously (we ban users dishing bad karma). For everything else, contact us!