Steam security issue revealed personal info to other users on XMas Day (fixed)

Valve are gonna get sued. There is no way they are getting out of this fuck up without getting sued by users who had their account info compromised.

Good, they get way too much leniency and it's ridiculous that a multinational corporation making hundreds of millions yearly is still held to the same standards as a small startup company.
 
I'm highly doubtful this is a "caching issue". This sounds like a problem on Steam's end.

For starters, you don't cache everything at the CDN and information that's supposed to be encrypted is still encrypted. If Steam is caching all of this at Akamai they're idiots and it's still on them.

So even if it is a "caching problem" it means that Steam has been caching unencrypted, raw account info at Akamai, though again, I'm very doubtful this is due to an issue there.

What seems more likely is that someone made an oopsie with the customer information database (drop a few key rows and suddenly info is showing up where it shouldn't have) or a straight-up hack.

Others are free to weigh in on this. I work in the webhosting industry and deal with CDNs on a fairly regular basis. Our company uses Akamai as well.

I am pretty sure the Steam backend does not only use caching at the CDN level.
 
Glad to see no one is overreacting /s

Yes it's a major bugger up, but it will die down and be forgotten about, just like all the times PSN was compromised.
 
I feel like I'm missing something. Why are people "terrified?"

Real addresses, phone numbers, physical addresses and last digits of credit cards were displayed.

That's enough to merit a serious identity theft risk.

Again, anyone downplaying the risk is invited to post this info publicly right here, just to test the waters on how minimal such a breach feels.
 
I feel like I'm missing something. Why are people "terrified?"

People's full phone numbers, names, addresses, emails and last few digits of their credit card numbers were publicly available.

Plus prominent people such as IGN staff have reported that their account was compromised and a purchase happened.
 
Nah, Steam is down now so you're aight.

I don't think anyone knows for sure.

I'm happy to say you didn't.
I got some cache pages from mobile users.

Got a "browser doesn't support this address" error.

Everything has been taken down now, so you *should* be fine (can't guarantee that though obviously)

Thanks guys.

Feel pretty unsettled about this at the moment. I have invested so much into steam I think I'd be on my knees if something happened to my account.

This is why I should maybe spread my purchases across different clients like GOG and Origin (shudder) more in the future.
 
I feel like I'm missing something. Why are people "terrified?"

Potentially your private info: address, phone number, email, full name, etc... has been exposed to anonymous individuals, or worse, is now in the wild.

At best it was exposed to some rational individual who will do nothing with it, at worst you are exposed to identity theft.
 
i'm one of the silly people who managed to get onto my steam account settings temporarily during all the confusion and cancelled my paypal from there just before all the tweets telling you to do exactly not that were posted

so now i'm just checking my emails, paypal account and bank account like a hawk in the hope that my account details weren't seen by someone else
 
It's a caching server problem, so you can all stop panicking. This will not allow anyone to log into your accounts or access your payment information.

That said, it does allow random* people to temporarily view your e-mail address, name, and other info. In theory this could be taken advantage of... if a dedicated, inefficient thief happens to come upon your info.
This is not how caching works. At best, Steam idiotically stores non-encrypted customer info at their CDN. However, I can't think of any rational company that does this. CDNs are meant to speed up page load, and storing database info (such as customer info) at a remote CDN has negligible effects on speed.

It's far more likely that it's a hack and/or database problems.
 
Before they pulled the plug I was able to see the edit card info page of another user.

In this same thread there was an image of that same page (for a "James").

I don't know about the rest but I'm not panicking. I'm just mad, mad at Valve and annoyed by the random people that try to make damage control for them.

Definitely, this really should not have happened, full stop.
 
I was playing for the past two hours - before that I was seeing the store in Russian, but I haven't bought anything since yesterday and didn't access my wishlist today either.
Am I already fucked just because I was playing?

I'd like to know this too, I also checked my profile and it says it's private, is that a measure they have taken to stop the leak?

I'll log off and keep an eye on my emails

All digital future they said, it'll be fine, they said
 
I feel like I'm missing something. Why are people "terrified?"

Possible 'ID Theft' in the future, maybe. The pain of having to contact the bank in a few days to instigate fraudulent charges (and the knock on those charges might have had on your account). It's not 'end of the world' stuff, but it's still shit that shouldn't have happened.
 
It's the only explanation for your posts in this thread.

First it was "this is no big deal." Then "no personal information was leaked." Now it's a trivial distinction between user and log in names.

It's a big deal. We can stop brazenly defending Valve and start asking for action.

Many people are pissing their pants in this thread.
I'm looking at what we know at the time and telling people exactly that.

Luckily Grief has a single informative post up right now.


Just keep being useful to everyone by calling people corp. apologist.
Your help will truly be remembered in everyone's time of need.
 
Real addresses, phone numbers, physical addresses and last digits of credit cards were displayed.

That's enough to merit a serious identity theft risk.

Again, anyone downplaying the risk is invited to post this info publicly right here, just to test the waters on how minimal such a breach feels.

And they could also see their account username which is usually common between accounts. Which means that if you call a place and give them the email address and they use your real address as verification they can gain access to your account. So let's say your Steam name is reebot and your Blizzard account is reebot and you call up Blizzard and they ask for an address as confirmation, now that is potentially exposed.
 
Valve are gonna get sued. There is no way they are getting out of this fuck up without getting sued by users who had their account info compromised.

There will probably be a class action suit and you'll get like maybe a couple cents since every other of the 125+ million steam users will be eligible as well.
 
130 dollars? Where did they go? If someone buys something with the wallet of another person the things he bought also stay in that same account. You could refund stuff in this case.

You COULD refund, but that fully depends on Steam and how they deal with refunds. Regardless of whether or not you get your money back in the end, either by calling your bank or waiting for Steam to get around to doing so, that's money out of your account until then and it shouldn't happen in the first place.
 
I'm not getting back into steam until Steam comes out and clears out this mess.

What kind of shitty business has people's data exposed, pushes the red button and after a while restarts its services without a single line or comment about it?

I mean, is it safe now? Was the problem resolved? What was the extent of the information exposed? etc...
 
This is not how caching works. At best, Steam idiotically stores non-encrypted customer info at their CDN. However, I can't think of any rational company that does this. CDNs are meant to speed up page load, and storing database info (such as customer info) at a remote CDN has negligible effects on speed.

It's far more likely that it's a hack and/or database problems.

What some are speculating is that due to some misconfiguration, pages that shouldn't be cached are ending up being cached anyway. I don't think anyone's saying that's how it should work, just trying to figure out what makes sense given what we're seeing.
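
The misconfiguration speculated about in the post above, modelled as an added example that is not part of the original thread and does not reproduce Steam's or Akamai's actual configuration. The origin, paths, session names and `SharedCache` class are all hypothetical; the model shows how a shared cache keyed only on the URL and set to ignore the origin's `Cache-Control` headers hands one user's personalized page to the next visitor, while a cache that honours those headers does not.

```python
# Constructed model of a shared (CDN-style) cache; all names and paths are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)

def origin(path, cookies):
    """Hypothetical origin: /account is personalized per session, /store is public."""
    if path == "/account":
        user = cookies.get("session", "anonymous")
        return Response(f"account page for {user}",
                        {"Cache-Control": "private, no-store"})
    return Response("store front page", {"Cache-Control": "public, max-age=300"})

def is_shareable(resp):
    """Conservative rule: store only responses the origin explicitly marks public."""
    directives = {d.strip().split("=")[0].lower()
                  for d in resp.headers.get("Cache-Control", "").split(",")}
    if directives & {"private", "no-store", "no-cache"}:
        return False
    return "Set-Cookie" not in resp.headers and "public" in directives

class SharedCache:
    def __init__(self, honor_origin_headers):
        # honor_origin_headers=False models the misconfiguration: cache everything by URL.
        self.honor = honor_origin_headers
        self.store = {}

    def get(self, path, cookies):
        if path in self.store:                 # cache key is the URL only, no session
            return self.store[path].body
        resp = origin(path, cookies)
        if not self.honor or is_shareable(resp):
            self.store[path] = resp
        return resp.body

def second_visitor_sees(honor_origin_headers):
    """Alice loads /account first; return what Bob then receives for the same URL."""
    cache = SharedCache(honor_origin_headers)
    cache.get("/account", {"session": "alice"})
    return cache.get("/account", {"session": "bob"})

if __name__ == "__main__":
    print("misconfigured:", second_visitor_sees(False))
    print("correct:      ", second_visitor_sees(True))
```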
 
Valve are gonna get sued. There is no way they are getting out of this fuck up without getting sued by users who had their account info compromised.

Not in the US and Canada they're not. Everyone on Steam agreed to binding arbitration and a class-action waiver. They ain't getting sued by shit. Read your subscriber agreement.
 
Ok, posted a few pages back, but maybe someone can settle my stomach. I'm seeing a pending transaction on my bank account for Target.com. It's for the amount that I paid to pre-order Dishonored 2. I'm not sure if this pending transaction is for that pre-order that won't come out for months, or if it's someone that stole my card info. Supposedly no one is able to get all the credit card info from this fuck-up right? I'll probably be calling the bank to be sure.
 
I am pretty sure the Steam backend does not only use caching at the CDN level.
You don't understand how caching works, do you? I used to install various caching options (including Akamai CDN which is external as well as Varnish which is a software caching service installed on the server) all the time.

The behavior seen today is not something that happens because of caching.
 