Steam security issue revealed personal info to other users on XMas Day (fixed)

During login I got "Verifying login credentials" or something like that, gets stuck then gives a connection error. I've restarted the client and now everything seems normal though.

Might be an idiot for doing this but I suppose Valve fixed the leak when they rebooted the entire thing.

Hopefully.
I just got my mobile authenticator prompt and upon getting my info from the Steam Guard in the mobile app it allowed me to log in. Everything is normal on my end as far as my account goes.
 
Okay well I just deleted my credit card info off my account, would happily add it back on once Valve resolves this issue and depending on the statement they release.
 
To you. For a lot of us it isn't.
To you. For a lot of us it is.
A lot of people live in a fantasy world.
Name? Address? Phone number? All that information can be used for identity theft and other horrible things?
Meh, at least I can still play Half-Life 2.
There is a big difference between having your personal information available for random people to see online vs. friends/neighbors knowing where you live and what's your phone number.
 
For those scared to get on Steam here is an easy fix:

[Image: steamz_zpsbbcb224e.jpg]


Disconnect from the internet and start in offline mode. You can reconnect to the internet after you are in offline mode. You can play your games until everything is cleared up.
 
I hope they are just servile to Lord Gaben and not shills.

I hope the opposite, doing damage control for a company and not getting paid for it is pretty sad.

Anyway, I just logged in and deleted my CC. Curiously, I still had my Paypal info despite not being able to use it after the currency changes they made a few weeks ago (deleted it too ofc).
 
I feel like there's a joke to be made here about Valve's tendency to promote user-created content, but I don't have the wit to come up with it.

Anyway, is it safe to log back on or no? I was hoping to play some games, not really planning to buy anything right now.

"Welcome to the Steam Hacks Beta!"
 
So what should I do now?

I had an old phone number, can I remove it and update it to my new one? And also is there a way to require a password with PayPal checkout?
 
I don't understand people who are immediately logging on right now when we've had no official statement about what happened.

We are those who dare. We are those who venture forth so for those who do not dare nor challenge can follow our footsteps to know that they can access THEIR accounts.

You're welcome.
 
Got my account info up now. All anyone could see was the last two letters of my Visa card, country, & one of my email addresses... While not ideal, it could've been a lot worse.

Nothing unusual in the purchase history, and no difference in account funds, but I've deleted my CC info.

The most "dangerous" thing so far seems to be that if you had a payment method saved and someone tried to add a new one it would auto fill all your personal information in the boxes.
 
You've blatantly misled people as to the extent of the risk for some 50 pages now. You don't get to play that card.

I'm sorry for not trying to stoke the fires.
For not claiming you can see full CC info (You can't)
For not claiming you can see phone numbers (You can't)
For not claiming you can get everyone's password (You can't)

You can however
- See e-mail addresses
- Purchase with steam credit
- Purchase with any one click purchase method (if you have to give any extra info, it's a no go)

And that's only if you don't switch to a new account by clicking any button.

Here is a post of mine, we didn't know then that you could get a full phone number at that moment in time. (it's not your security phone number though)
Tell me where this post touched you.
 
Caching for dynamic user related content is a no go per se. If someone pushed a new version of the account page with caching enabled it could cause this problem. It would also explain why people saw the same subset of users. Those poor guys were the first to open the new account page and for every respective server they hit they became the cached page.
Even if that's the case (I don't suspect it is, but web servers can be complicated beasts and I only know some) then it means Steam is (and has been) ignoring basic PCI standards for some time now.

You simply do not cache that kind of info. It's bad practice and opens you up to compromising your customers' data.

To be honest, if it's really due to caching then it's even worse. It's worse because the caching issue simply revealed a gaping security flaw/PCI non-compliance that has been present for who-knows-how-long.
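
The caching failure hypothesised in the exchange above, as an added example that is not part of any post in the thread: caching servers keyed only by URL serve the first visitor's account page to everyone routed to the same server, unless the origin marks the page `private` or `no-store`. All names here (`EdgeCache`, `render_account_page`, `/account`, the visitors) are hypothetical, and the thread does not establish that this is what happened.

```python
"""Added illustration: URL-keyed shared caches in front of a per-user page.
All names (EdgeCache, render_account_page, /account) are hypothetical."""

def render_account_page(user, cacheable):
    """Origin server: builds a page for the logged-in user.
    cacheable=True models a deploy that marks the page as publicly cacheable."""
    policy = "public, max-age=300" if cacheable else "private, no-store"
    return {"owner": user, "headers": {"Cache-Control": policy}}

class EdgeCache:
    """One caching server. The cache key is the URL only, so the session is ignored."""
    def __init__(self, cacheable):
        self.cacheable = cacheable
        self.store = {}

    def get(self, url, session_user):
        if url in self.store:  # hit: origin and session are never consulted
            return self.store[url]
        resp = render_account_page(session_user, self.cacheable)
        policy = resp["headers"]["Cache-Control"].lower()
        directives = {d.strip().split("=")[0] for d in policy.split(",")}
        if not directives & {"private", "no-store"}:  # shared caches must not store these
            self.store[url] = resp
        return resp

def simulate(cacheable, visitors, n_edges):
    """Route visitors round-robin over n_edges caches; return (visitor, page owner) pairs."""
    edges = [EdgeCache(cacheable) for _ in range(n_edges)]
    return [(v, edges[i % n_edges].get("/account", v)["owner"])
            for i, v in enumerate(visitors)]

def leaked_owners(pairs):
    """Users whose account page was served to somebody else."""
    return sorted({owner for visitor, owner in pairs if visitor != owner})

VISITORS = ["alice", "bob", "carol", "dave", "erin", "frank"]  # constructed sample

if __name__ == "__main__":
    # Misconfigured: only the first visitor per cache is exposed, to everyone after them.
    print(leaked_owners(simulate(True, VISITORS, n_edges=2)))
    # Correct headers: every visitor gets their own page.
    print(leaked_owners(simulate(False, VISITORS, n_edges=2)))
```

With two caches, the exposed accounts are exactly the first visitor to reach each one, which matches the "same subset of users" observation quoted in the post.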
 
A lot of people live in a fantasy world.
Name? Address? Phone number? All that information can be used for identity theft and other horrible things?
Meh, at least I can still play Half-Life 2.

Basically anyone who knows me personally knows that information already. Name, Phone Number, Address.

If any of the people I know is a hacker, does this mean I'm fucked?

I can give you the card number... but even then you need the security key.
 
It's not that bad. Just think of getting access to somebody else's account like getting a CS:GO case and their personal information is just different skins you can try on elsewhere on the Internet.
 
Maybe because they just let a bunch of people access other users' personal details?

They're probably breaking a few UK and EU data protection laws there unintentionally.

I'm not saying what happened isn't bad, but what I am saying is some individuals are going on the extreme hate Valve spree. They're just as bad as the apologists.

Also in the UK we've had that many data breach leaks, everyone knows everyone now lol.
 
I kind of hope this doesn't just blow over for Valve. Can't have them thinking they can just keep coasting on their good name.

Their response (if they give any at all) will probably be something like this: ¯\_(ツ)_/¯

What are people supposed to do? Buy their PC games from UPlay?
 
There is a big difference between having your personal information available for random people to see online vs. friends/neighbors knowing where you live and what's your phone number.

That wasn't the argument at all. It was a question of one thing being more important than another.
 
An arbitration clause and class-action waiver are not against the law nor is agreeing to them.


Ok, not against the law in Australia but it's not enforceable.
Anything that signs away consumer rights in Australia isn't enforceable, even if a person agreed to sign them away.
 
I recently got a pre-paid CC just for Steam, PSN and so on. People were laughing at me saying that I'm paranoid. I added the CC as a payment option to Steam about 3-4 hours ago, had dinner, came back, saw this thread, checked my CC:

[Image: WYZTwQIl.jpg]


Guess who is laughing now.
 
Here is a post of mine, we didn't know then that you could get a full phone number at that moment in time. (it's not your security phone number though)
Tell me where this post touched you.

Except we did. Nice try though.

I guess only disclosing 1 out of 3 extremely personal things isn't too bad. Bravo Valve!
 
It's not possible to change the Steam login ID, right?

I'm at least going to change my PayPal email address and the one linked to my Steam account. Better safe than sorry, before some wanker tries to guess my passwords.
 