Steam security issue revealed personal info to other users on XMas Day (fixed)

7DollarHagane said:
No, they can't use that info for anything of any consequence. What, they sign up for an eharmony account or something? Lol.

A compromised ssn is a bigger deal but there are free and fairly painless ways of protecting that as well.

There are laws about how credit and credit card companies must handle these things that protect the consumer. Breaking those laws carries harsh penalties for the credit card issuer.
Click to expand...

I give up... If you're seriously ok with strangers having your private information simply because there are measures in place to fix things after you've been screwed with then I don't know what to say...
 
Nzyme32 said:
This is the most likely explanation I have seen yet:
Click to expand...

Hey, thanks for posting that. Makes sense. Man, more than once we (my team and I) got ourselves into situations where the "recovery" was worse than the "failure." Especially in scenarios where downtime is never acceptable, a panic can take over.

Or, we fixed something, but didn't adequately document the fix, so the next time we had to recover a system, the countermeasures were lost.

Whatever the case, I hope Valve shares its root cause determination and countermeasures. Seemed like a long recovery, so I would like to hear about all of it, discovery, troubleshooting, the whole timeline. Don't know if that's realistic or not, but it's what my customers would have expected of me.

Thanks again for grabbing that Reddit post
 
So you know the part where I said that luckily a certain search engine's cache hadn't stored anyone's full address or phone number? About that...
 
Alvarez said:
As this is a caching issue, it's actually not a good idea to attempt to remove any information from Steam right now. By accessing (viewing) the information, you potentially air it to others. That said, the problem seems to have been fixed, but we have no confirmation of that yet.

My suggestion to everyone is to just stay out of your Steam's account management for now, wait for a statement from them, and then--regardless of what Valve says or doesn't say--check your bank/credit statements regularly for suspicious activity.
Click to expand...

Great. Even better. I've been dashing like mad to remove info because I got an email that my phone number had been removed from two step verification.

Valve not issuing a statement or instructions is unacceptable at this stage.
 
Alvarez said:
As this is a caching issue, it's actually not a good idea to attempt to remove any information from Steam right now. By accessing (viewing) the information, you potentially air it to others. That said, the problem seems to have been fixed, but we have no confirmation of that yet.

My suggestion to everyone is to just stay out of your Steam's account management for now, wait for a statement from them, and then--regardless of what Valve says or doesn't say--check your bank/credit statements regularly for suspicious activity.
Click to expand...

You see, this is the type of thing that I would expect to receive as an official tweet or forum post from Valve.
 
boredandlazy said:
I give up... If you're seriously ok with strangers having your private information simply because there are measures in place to fix things after you've been screwed with then I don't know what to say...
Click to expand...

It's not that I am OK with it I'm saying the actual result of "compromised information" is temporary and minimal in the long term.

These hackers and thieves profit off getting access to thousands of accounts and people's information, and getting each one for a small amount.

They have no interest in doing large or multiple transactions on one person or one person's card. That's how things get detected.
 
My account seems fine through the steam client, but I can't log in through the website. I'm just redirected back to the storefront when I try to log in. Anyone else?
 
Steampocolypse Now
apocalypsenowbdcap10_original.jpg
 
Snapshot King said:
So I came home and steam is logged in and sitting on the store page, like I left it. What should I do? Turn it off? Remove payment details? Nothing?
Click to expand...

Look at your transaction history to be safe, then if you want remove payment details, but it doesn't look like it's necessary.
 
I'm tired and just want to go bed and sleep knowing my personal info hasn't been breached. How hard is it to issue an official statement? What a fuckup, Valve.
 
People have to remember that this isn't like a standard data breach. Depending on if your info was seen and by who you may be perfectly safe. While I'm sure there may have been a few people taking notes it would taken time to do so and I doubt they'd get to a lot of people. Most people that saw others info will forget what they saw by tomorrow. Just something to think about. As far we know this wasn't the result of some group trying to get your personal info for malicious intent.
 
Glad I don't keep my payment info on Steam and put it in fresh each time if I want to buy something. I learned my lesson when my card info was hijacked from the big PSN takedown a few years ago.

Hopefully Steam will address this appropriately for everyone affected.
 
Edit: I was misinformed apparently. Still a really unfortunate breach. Thanks Stumpokapow

Valve definitely needs to take a look in the mirror, their customer service is apparently embarrassing and they were silent too long.
 
EleventhHourSuperpower said:
I feel really bad for SteamGAF, this should not be happening. The fact that some CC details have been stolen and used also implies that this is worse than the Sony hack...where no evidence of that happening existed, and Sony paid for CC monitoring services for customers for a good deal of time afterwards. To think that this is not even a hack but has caused greater damage in some regards....
Click to expand...

As of this juncture, there is no evidence that CC details have been stolen and used; there is some evidence that saved details were used to make transactions on Steam, but no evidence people had access to full CC information. That doesn't mean they didn't, of course, and it doesn't mean that your conclusion isn't right, I'm simply clarifying the situation as of right now.
 
It seems that if you've been looking at your account page recently, other people may randomly see your address or the last few digits of your credit card number. That's the worst of it.

Visiting your pages to remove info is a bad idea because that might actually cause other people to see it. Unauthorised purchases don't seem to be possible.

This is certainly an embarrassment for Valve, but unless you're really private about your address, it's not worth worrying too much.
 
And merry x-mas to you, Gabe. Why those pages are cached in first place? Why Valve said nothing? This is a big fuck-up, you can't change your account name so if you got exposed you will be forever under risk.
 
BlackBuzzard said:
We removed flash sales and gave you the biggest fail of the year.
Click to expand...

and region locked gifts, and time locked trades, and gave you shit discounts, and...

Slavik81 said:
It seems that if you've been looking at your account page recently, other people may randomly see your address or the last few digits of your credit card number. That's it.

Visiting your pages to remove info is a bad idea because that might actually cause other people to see it. Unauthorised purchases don't seem to be possible.

This is certainly an embarrassment for Valve, but unless you're really private about your address, it's not worth worrying too much.
Click to expand...

Yea, and who is really private about their billing address and phone number amirite?
 
Could a kind soul/mod keep the OP updated?

Gotta sleep and this thread will be possibly 100+ pages when I wake.

Happy Christmas all, peace out.
 
Man volvo going hard this year, first the pollution thing now this? j/k. Fallout for this is going to be amazing, good knowing my e-mail, adress, name, dob got leaked to the entire interwebz as a christmas present.
 
7DollarHagane said:
It's not that I am OK with it I'm saying the actual result of "compromised information" is temporary and minimal in the long term.

These hackers and thieves profit off getting access to thousands of accounts and people's information, and getting each one for a small amount.

They have no interest in doing large or multiple transactions on one person or one person's card. That's how things get detected.
Click to expand...


Imagine that some people sat and just grabbed all the data they could get their hands on, and compiled a list of that. Username, e-mail, name, address, phone, country and whatever else. Then they use it themselves somehow, or worse (?) just release it to the public on the internet. Now it's open to everyone to see what usernames and e-mails are connected to what IRL information. Then you cross check the information to various old database leaks, or upcoming ones. Or just figure out personal information about some guy on reddit or another forum, who happened to use the same username or e-mail.
 
Any page I view in the Steam client doesn't have me signed in. Not sure whether I should re-login to my client or not.

I'm really disappointed no word from Valve has happened yet. This is what, over 3 hours since this started?
 
You must log in or register to reply here.

Similar threads

PSYCHO DEAD | Gameplay Reveal Trailer (Third-person survival horror) [PS5, Steam]
23
150
Macattk15 replied
  • Poll
Steam users threaten to boycott Metal Eden for using AI voices
News Drama  2 3
117
1K
rkofan87 replied
Digimon Story Time Stranger debuts with over 70k concurrent users on Steam (~11x the launch CCU of Digimon Survive)
Sales-Age 
5
88
Liopleurodon replied
Steam hits 40m concurrent users.
3 4 5 6 7
300
16K
rodrigolfp replied
[The Verge] Xbox Ally pricing and preorders info coming today. [Update] Prices revealed: $999 Z2 Extreme; $599 Z2
7 8 9 10 11
544
1K
Duchess replied
Top Bottom