Steam faced something of a catastrophe this afternoon, giving players across the world access to some of the personal information in other people’s accounts. It’s not yet clear how this happened, but it’s a doozy. Call it the Steam Winter Fail.
Various players across the world logged into their Steam clients today to find their homepage displaying Russian or another random language. When they checked the “account info” section of Steam, the digital store showed them another user’s account, complete with e-mail addresses, buying history, and other private information. Merry Christmas!
UPDATE (4:30pm): Valve has shut down the Steam store, presumably until they fix this problem.
UPDATE 2 (6:05pm): Looks like the Steam store is back online. I’ve been able to log in and my information is all correct now. Still no official word from Valve, which is a bit disconcerting. The fan-run SteamDB theorizes that this was “a misconfiguration in one of Valve’s caching layers.”
UPDATE 3 (8:25pm): Valve has finally commented on today’s events, sending a statement to Kotaku this evening:
Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.
Original article follows:
Going to Steam’s website would also grant you access to a random user’s account. Based on some rudimentary testing I did this afternoon on my own Steam client, it seemed like trying to view purchase histories and licenses would give you access to other random accounts as well.
Steam Goes Nuts, Offers Access To Other People's Accounts [UPDATES]
The account that my client accessed was using Steam Guard, the tool Valve provides to help prevent unauthorized account access. So clearly that hasn’t helped.
We’ve reached out to Valve for more information and will keep updating you guys as we learn more.
You can reach the author of this post at [email protected] or on Twitter at @jasonschreier.
Well, my newphew recently lost all his steam credits (about 100USD) as well as around 200USD of DoTA2 stuff on his account. Did a little research to see what's up and ran into this. Mostly due to the fact that he had lousy security practices that might have allowed someone that saw his account details to breach his steam account directly and take his stuff. I dunno. Hoping my account isnt effed up as I'm out of town and can't check my PC (posting on Ipad atm.
My nephew's account was all cash/item theft. Old game purchases and cloud saves were all untouched. Just sucked that he lost quite a bit of stuff. Emailed steam and hoping they at least manage to return his stuff to him.
And from what I'm reading the glitch doesn't actually give ppl direct access to your stuff, just access to your information. I think my nephew's loss had as much to do with his horrid security practices as it was the steam glitch. Would actually believe that it had nothing to do with steam glitch were it not for the timing.
Last edited by Nibedicus on Dec 26th, 2015 at 08:22 AM
Yeah. It was more a case of them allowing you access to any information you had in your account, rather than them being able to directly manipulate it.
If the information people were given access to would of told someone about his lack of security then I would think Steam is partially responsible.
__________________ Chicken Boo, what's the matter with you? You don't act like the other chickens do. You wear a disguise to look like human guys, but you're not a man you're a Chicken Boo.