What's new

Warning: Steam Users Accounts May be Compromised


Earlier today many Steam users reported something strange when they logged in to their accounts. Instead of being brought to their account page, they were brought to a page with a different language (usually Russian). It was soon discovered that users were actually being logged in to another users account. A mad scramble ensued as users around the world attempted to secure their accounts, knowing full well that there are people out there who would try to take advantage of such an egregious breach in Steam's account security. Among the information made accessible by the breach are e-mails, billing addresses, and even the last four digits of credit cards, meaning this was a fairly serious breach of information and privacy.

Thankfully, not long after the issue was discovered, Valve shut down the affected areas of Steam in an effort to protect users' privacy and figure out what was causing the issue in the first place. While Valve has not released an official statement yet, it is not believed to have been an actual security breach. Instead, the common theory is that since Valve uses Akamai for their CDN and Varnish for caching, there was a misconfiguration in one of those components that caused Steam to not correctly serve and render cached pages that were intended for single users only. Keep in mind this is just a theory, Valve has not released an official statement yet, so it could have been a real security breach, however that seems unlikely.

As always when something like this occurs, it is highly recommended that you change your login information in case any of your information was compromised, just to be on the safe side. I will update this article with any updates that I find and if any readers have more information, feel free to post in the comments below!

SOURCE

[UPDATE]

Valve has released an official statement regarding the issue.

"Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."
About author
N
I'm just an aspiring English Major with a love of all things geeky.

Comments

N
Console peasants saying all these things about how bad PC is because if this, but at least hacking squads don't take down our servers xD
I'm not a console fan but account info breach > servers being down lol.
 
V
Console peasants saying all these things about how bad PC is because if this, but at least hacking squads don't take down our servers xD
So no one has ever put there PayPal or Credit Card onto a Microsoft or Sony account and got hacked? If I recall this was a thing: https://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack
 
N
Console peasants saying all these things about how bad PC is because if this, but at least hacking squads don't take down our servers xD
I didn't say that lol, I just said in general that account info breaches > servers being down.
 
V
Console peasants saying all these things about how bad PC is because if this, but at least hacking squads don't take down our servers xD
I do agree with that, but when PC has one wipeout everyone teams up against the master race. While we are calm and watch the hooligans have more problems than comprehensible. I'm not here to say that Steam has no problems, just that it is much better.
 
S
Console peasants saying all these things about how bad PC is because if this, but at least hacking squads don't take down our servers xD
No need to get defensive for the #pcmustardrace
 
C
And... I'm glad I'm not pc.
3 3xTiNcT
Why? Does no one remember April 2011?

77 million PSN users had their personally identifiable information exposed, which was one of the largest data security breaches in history. The entire PSN network was down for 23 days. Affected users weren't even warned until a week after the attack.

This caching issue, which (according to Valve) existed for less than an hour, most likely did not result in any sensitive information being exposed at all.
 
C
#pcmustardrace
S Salus
What's with the hashtags, anyway? This isn't Twitter. I play on both console and PC, and PC is IMHO superior in just about every way. That's my opinion, and you're free to disagree with it...but unless you've personally compared them yourself, the whole "#pcmustardrace" thing seems more like a case of sour grapes.
 
Toggle Sidebar

Article information

Author
Night
Views
2,180
Comments
15
Last update

More in PC

More from Night

Top Bottom