Update: Steam Store Reveals Private User Information, Gets Shut Down

 Pages 1 2 NEXT
 

Update: Steam Store Reveals Private User Information, Gets Shut Down

Steam Logo - Social

Multiple reports are coming on concerning a serious error with the Steam Store that reveals the private information of other users.

Update: Valve has given the all clear. "Steam is back up and running without any known issues," a Valve spokesperson told GameSpot. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."

Even though Valve "believes" that no unauthorized actions were performed, we did hear unconfirmed reports that entire credit card numbers were able to be accessed due to the glitch. As such, it may still be in your best interest to remove any stored credit card information from your account, and keep an eye on your credit card activity.

Original Story: It looks like this year's Christmas Grinch is none other than beloved PC gaming platform Steam. Multiple reports are coming in from numerous users purchasing items from the Steam store, discovering that when they check out, the private information of a complete stranger is displayed in place of their own info. This information includes partial credit card numbers, email addresses, account balance and purchase history. The store page also appears to be randomly changing languages for users, and Steam DB is speculating that a caching error is effectively logging users in to accounts that don't belong to them. Scary.

As an emergency measure, the Steam store has been completely taken offline to prevent any fraudulent purchases from happening, understandable considering that some unconfirmed reports are claiming that the full credit card information of users with stored credit card information is being made available to random users.

The official Steam Support Twitter has been silent on the whole matter. For now, we would recommend not using the Steam Store, even if it comes back up, removing any stored credit card information from your account, and keeping a close eye on your credit card account to make sure no suspicious purchases have occurred.

We have reached out to Valve for more information, and will endeavor to update this post if we learn anything more.

Source: reddit

Permalink

Yeah I saw this on the mobile app. I was trying to log in to my account on a new computer but couldn't quite remember my username, so I clicked "store account" on the mobile app and it kept coming up with the store information for these two random users. I was a bit worried these guys had hacked my account and tied their accounts to mine...

By the time I looked up my account name on my main computer and tried logging in the store was already down.... Does this effect steam as a whole?
Because it couldn't even connect to the server to log me in.

There's been lots of reports of people having their Steam wallets and PayPal accounts tied with Steam emptied out - this is on top of simply being able to see their email and other personal info. Pretty serious shit going down.

These sorts of incidents are the reason why you never save credit info online and/or just use prepaid credit cards and gift cards for online purchases.

No big deal just a caching issue.

Yeah I saw it. I wasn't even logged in. I just went to Steam website and suddenly it was in German and some games had that "on your wishlist" on them. It was bizarre.

I was online, had some stupid clicker game running (it's got it's claws in me damnit!) while watching TV, decided to look for a game to tide me over till xcom 2 and suddenly my language is Russian, refresh, German, refresh, Spanish, refresh, never seen this language before, refresh, Russian, restarted the computer, reinstalled steam, all the same problems.

Just deleted everything and hope I get everything back in tact. My debit card is tied to it though.

I always just use prepaid cards on storefronts where possible. It's a bit of a hassle having to go to Game every time I want a top up, but it's better than having my account information nicked.

Steam only displays the last digits of the phone and any credit card info, so it's unlikely that anyone's data is directly compromised.

I believe the worst is the account name and the address data could be seen, but that doesn't directly compromise people's billing info(though still not a good thing).

Steven Bogos:
(Snip).

The issue may now be resolved:

https://twitter.com/SteamDB

"removing any stored credit card information from your account"

https://twitter.com/GuerrillaDawg/status/680500791262720000

More sites that can't fact check and absolutely have to get a story up immediately regardless of accuracy.

It's a caching issue if you delete it or use it that's what's being shown, that's the entire issue. DON'T MIS-INFORM YOUR READERS WITH THIS CRAP

Siesta45:
"removing any stored credit card information from your account"

https://twitter.com/GuerrillaDawg/status/680500791262720000

More sites that can't fact check and absolutely have to get a story up immediately regardless of accuracy.

It's a caching issue if you delete it or use it that's what's being shown, that's the entire issue. DON'T MIS-INFORM YOUR READERS WITH THIS CRAP

I have to agree with this. Most of what I've read suggests that evidence is pointing to it being a cache issue which, if that is the case, means its very irresponsible to recommend people do that.

The only truly safe thing you can do if you're genuinely worried enough is to cancel any cards attached to your steam account. If you don't do that then make sure to monitor your account.

Had it happen to me as well right after redeeming my gift card with the mobile app. Had me concerned a bit, but after logging in with my computer the money was there, fortunately.

Thankfully it seems to be over now. My account seems to have stabilized. I checked my bank account and no funds have been taken out with the exception of a couple of games I bought AFTER my account stabilized. So thankfully I seem to be in the clear.

I still deleted my stored card information. Honestly I had been meaning to do that for awhile now.

We have an official ALL CLEAR statement from Valve themselves now.
http://www.gamespot.com/articles/steam-issue-allowing-access-to-other-users-account/1100-6433371/

Ah, I knew there was a reason I never tick the "Save payment information" box.

What a bizarrely fortunate time to have accidentally had my debit card blocked. And I thought I was unlucky.

It's at times like this I'm thankful I've never saved my Payment info when making a purchase.

omega 616:
I was online, had some stupid clicker game running (it's got it's claws in me damnit!) while watching TV, decided to look for a game to tide me over till xcom 2 and suddenly my language is Russian, refresh, German, refresh, Spanish, refresh, never seen this language before, refresh, Russian, restarted the computer, reinstalled steam, all the same problems.

Just deleted everything and hope I get everything back in tact. My debit card is tied to it though.

I know how you feel, I have an embarrassing amount of hours logged on my steam account for Adventure Capitalist.

Hope they aren't just building a backdoor for ease of access.
They already have an immense amount of customer support requests now with also governmental requests on top of that. So I would not be surprised that they would try to automate the access for those requests.

JLF:
Hope they aren't just building a backdoor for ease of access.
They already have an immense amount of customer support requests now with also governmental requests on top of that. So I would not be surprised that they would try to automate the access for those requests.

The problem was the web cache wasn't clearing properly, so the details of the previous transaction was appearing. Its not grand conspiracy theory, just someone forgot to change the cache away from the engine default in an update.

albino boo:

JLF:
Hope they aren't just building a backdoor for ease of access.
They already have an immense amount of customer support requests now with also governmental requests on top of that. So I would not be surprised that they would try to automate the access for those requests.

The problem was the web cache wasn't clearing properly, so the details of the previous transaction was appearing. Its not grand conspiracy theory, just someone forgot to change the cache away from the engine default in an update.

That good if it was just human error. Even though one would hope errors like that should not be even possible.

And what comes to conspiracy theories the fact is that companies based in the US have an obligation to assist with all information requests which will increase workloads for companies. Especially Valve who has never been known to have a working customer support to date and also has an incredible amount of customers.

JLF:
[quote="albino boo" post="7.931970.23447160"]

That good if it was just human error. Even though one would hope errors like that should not be even possible.

And what comes to conspiracy theories the fact is that companies based in the US have an obligation to assist with all information requests which will increase workloads for companies. Especially Valve who has never been known to have a working customer support to date and also has an incredible amount of customers.

1. There is no such thing as an error free system. I have worked in the software industry for 20 years and human error is the most common cause of failure.

2. You are unaware of how web engines work. You can access the backend database without any interaction with the web front end. Any backdoor would not show.

albino boo:

JLF:
[quote="albino boo" post="7.931970.23447160"]

That good if it was just human error. Even though one would hope errors like that should not be even possible.

And what comes to conspiracy theories the fact is that companies based in the US have an obligation to assist with all information requests which will increase workloads for companies. Especially Valve who has never been known to have a working customer support to date and also has an incredible amount of customers.

1. There is no such thing as an error free system. I have worked in the software industry for 20 years and human error is the most common cause of failure.

2. You are unaware of how web engines work. You can access the backend database without any interaction with the web front end. Any backdoor would not show.

No offense intended,so in other words the latest problems were a problem that could easily be interpreted as a human error, and also the problem does not give any suspicion to changes to the Valve servers. I appreciate your reply on the matter.

HA, my paranoia paid off finally
Have 2 bank accounts- primary and secondary
Secondary is dedicated to internet payments and is usually empty
Whenever I need to purchase something via internet, I transfer money from primary to secondary
Works like a charm.

Areloch:
Steam only displays the last digits of the phone and any credit card info, so it's unlikely that anyone's data is directly compromised.

I believe the worst is the account name and the address data could be seen, but that doesn't directly compromise people's billing info(though still not a good thing).

There's more that you can see than that though.

Home Address (well, technically billing address). Full name. You get the last 4 of the phone number so you can easily narrow somethin down between that and the area code from the billing address. Email address.

Considerin a lot of people do the things that everyone tells you is a nono (use the same email address for everythin, use easily guessable passwords, using the same password for everythin), any number of things could have been horribly compromised with that.

Lets not downplay this. This was a major fuckup that showed peoples personal information for no reason. What possible reason would Steam need to cache someones account details in such a way?

Not only that, but there was straight radio silence the entire time it was happening. The only reason people even knew what to do was a completely unaffiliated group told everyone what to do, even calling Valve out by saying they shouldn't be the ones having to do this but Valve was completely failing to do anything so they had to step up.

Siesta45:
"removing any stored credit card information from your account"

https://twitter.com/GuerrillaDawg/status/680500791262720000

More sites that can't fact check and absolutely have to get a story up immediately regardless of accuracy.

It's a caching issue if you delete it or use it that's what's being shown, that's the entire issue. DON'T MIS-INFORM YOUR READERS WITH THIS CRAP

Fact checking? In a Steven Bogus Bogos article?

Surely you jest. Is this opposite day or something?

. . . . . . . . . . . . . . . . .

In all seriousness, the article is just grossly irresponsible. It suggests doing the very thing that could put your account in danger. And this isn't the first time Bogos has submitted an article like this.

How this guy is still published here is absolutely beyond me. It truly boggles the mind.

I have never liked steam and I hope that this at least opens a few eyes into everything wrong about the current system.
This was a tiny error, but constituted a huge privacy invasion. and not a word from steam about it.
What if the next time you can't access your bought games... or update them, install them, even play them?
I thought this would generate a great deal more of a reaction frankly.

Then again, "don't bite the hand that feeds you"... .. .right?

Vigormortis:

Siesta45:
"removing any stored credit card information from your account"

https://twitter.com/GuerrillaDawg/status/680500791262720000

More sites that can't fact check and absolutely have to get a story up immediately regardless of accuracy.

It's a caching issue if you delete it or use it that's what's being shown, that's the entire issue. DON'T MIS-INFORM YOUR READERS WITH THIS CRAP

Fact checking? In a Steven Bogus Bogos article?

Surely you jest. Is this opposite day or something?

. . . . . . . . . . . . . . . . .

In all seriousness, the article is just grossly irresponsible. It suggests doing the very thing that could put your account in danger. And this isn't the first time Bogos has submitted an article like this.

How this guy is still published here is absolutely beyond me. It truly boggles the mind.

Agreed. Some rudimentary fact-checking before recommending "security measures" would be greatly appreciated.

Considering Steam just forced me to get a Phone App meant to protect my account from being hacked, delaying my ability to purchase items from/trade them on TF2, I find it odd that Steam seems to have screwed up somewhere and an issue like this happened. Luckily for me, I purchased no game on Christmas (I did get the first episode of King's Quest when the sale started), and I didn't have a Credit Card signed up to my account.

I guess I'll just have to wait until Tomorrow or Monday to get Undertale...

I'm assuming I'm safe for now due to no email of any purchasing being made nor was there any recent transaction on my bank account (in saying so it usualy take a day or so to show up online). In saying so I had delete my card info on steam to be on the safe now (I suppose it was a good thing I didn't buy any of the sales at the moment).

In saying so ain't some of us are still safe due to the security card numbers (the final safe guard) cos that one is NEVER store on any card info or has this leaked reveal it when you made a recent purchase?

lol jeesh, by pure coincidence I brought my tower back to my parents house with me for christmas (bought a new mobo/cpu, was gonna install it and give my parents rig the old parts) and have been out of the nerd world for a couple of days, what luck to find out I missed on out on this debacle. Hopefully steam gets some solid backlash for this

Soooo, are they going to send out an email or anything? This is some seriously unprofessional shit. They accidentally spill confidential information about their users and they're not even going to inform them?

What the fuck happened to Valve?

I dislike the way the story basically says "even though we can't confirm anything happened, you should probably remove credit card information."

And the way that it was cautioning people to do this even when other people were suggesting that it would put them at risk.

Fappy:
Soooo, are they going to send out an email or anything? This is some seriously unprofessional shit. They accidentally spill confidential information about their users and they're not even going to inform them?

What the fuck happened to Valve?

I don't know, but I remember the days of that Sony shutdown, and everyone swearing up and down that Valve would never ever do this....

I'm not sure they ever changed. It's just that the blind faith people had in them has slowly been eroded. Valve's always been a shitty, anti-consumer company with policies that screwed us even as their face smiled and told us how valued we were. This just strikes me as a more obvious version of the same.

 Pages 1 2 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here