Earlier today many Steam users reported something strange when they logged in to their accounts. Instead of being brought to their account page, they were brought to a page in a different language (usually Russian). It was soon discovered that users were actually being logged in to another user's account. A mad scramble ensued as users around the world attempted to secure their accounts, knowing full well that there are people out there who would try to take advantage of such an egregious breach in Steam's account security. Among the information made accessible by the breach are e-mails, billing addresses, and even the last four digits of credit cards, meaning this was a fairly serious breach of information and privacy.
Thankfully, not long after the issue was discovered, Valve shut down the affected areas of Steam in an effort to protect users' privacy and figure out what was causing the issue in the first place. While Valve has not released an official statement yet, it is not believed to have been an actual security breach. Instead, the common theory is that since Valve uses Akamai for their CDN and Varnish for caching, there was a misconfiguration in one of those components that caused Steam to not correctly serve and render cached pages that were intended for single users only. Keep in mind this is just a theory; Valve has not released an official statement yet, so it could have been a real security breach, although that seems unlikely.
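As an added example (not part of the original article, and not Valve's code or configuration), the Python check below shows the kind of failure the theory above describes: a response generated for one user that a shared cache is allowed to store and hand to someone else. The header names are standard HTTP; the per-user heuristic, the function names and the sample exchanges are assumptions constructed for illustration.

```python
# Added illustration (not Valve's code): flag responses that a shared cache
# (CDN, reverse proxy) could store and replay. Simplified subset of RFC 9111.

def parse_cache_control(value):
    """'public, max-age=300' -> {'public': None, 'max-age': '300'}"""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def shared_cache_risk(request_headers, response_headers):
    """Return a reason if a per-user response is shareable, else None."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))
    # Heuristic (assumption): a response is per-user if the request carried
    # credentials or the response issues a cookie.
    creds = [h for h in ("cookie", "authorization") if h in req]
    if not creds and "set-cookie" not in resp:
        return None
    # private/no-store keep it out of shared caches; no-cache forces the cache
    # to revalidate with the origin before every reuse.
    if cc.keys() & {"private", "no-store", "no-cache"}:
        return None
    # Vary on the credential header gives each user a separate cache entry.
    vary = {v.strip().lower() for v in resp.get("vary", "").split(",")}
    if "*" in vary or (creds and all(h in vary for h in creds)):
        return None
    ttl = cc.get("s-maxage") or cc.get("max-age")
    if ttl is not None and ttl.isdigit() and int(ttl) == 0:
        return None  # stale on arrival, so the origin is consulted each time
    if ttl is not None or "public" in cc or "expires" in resp:
        return "explicitly cacheable with no per-user cache key"
    return "no cache policy; outcome depends on cache defaults or overrides"

# Constructed sample exchanges: (path, request headers, response headers).
SAMPLES = [
    ("/account", {"Cookie": "session=user-a"}, {"Cache-Control": "public, max-age=300"}),
    ("/account/billing", {"Cookie": "session=user-a"}, {"Cache-Control": "private, no-store"}),
    ("/static/app.css", {}, {"Cache-Control": "public, max-age=86400"}),
    ("/cart", {"Cookie": "session=user-b"}, {}),
    ("/profile", {"Cookie": "session=user-b"}, {"Cache-Control": "max-age=60", "Vary": "Cookie"}),
]

def audit(samples):
    return [(path, reason) for path, req, resp in samples
            if (reason := shared_cache_risk(req, resp))]
```

Calling `audit(SAMPLES)` flags `/account` and `/cart`: the first is marked cacheable with nothing tying the entry to a user, and the second sends no policy at all, so whatever the cache layer is configured to do decides the outcome.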
As always when something like this occurs, it is highly recommended that you change your login information in case any of your information was compromised, just to be on the safe side. I will update this article with any updates that I find, and if any readers have more information, feel free to post in the comments below!
Valve has released an official statement regarding the issue.
"Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."