Steam security issue revealed personal info to other users on XMas Day (fixed)

I don't know if it was asked, but is my credit card safe? I don't remember if I have Steam attached to my debit card (Which was just changed and won't be right anyway) or my credit card. I don't use PayPal on Steam so I didn't need to disconnect that.

I don't even want to open it to check either way. Thankfully I haven't gotten any emails from Steam about any purchases or anything yet.
 
Seriously though, I came home to a logged in steam. I have no idea what to do. I want to change my payment shit (delete it) but I can't be certain that that won't activate my personal stuff and cache it on google.

I bought a few things yesterday, does that count?
 
Over/under on Valve actually sending out a security leak e-mail sometime this year or just pretending nothing happened to their gargantuan userbase that might not have had their eyes on internet forums tonight and just sweep it under the carpet like a truly scumbag company?
 
Things fuck up sometimes, even if it shouldn't happen, it sometimes does. But what really should happen, is Valve pulling the fucking servers when they knew of this problem. Letting it stay up for that long was pretty terrible, but completely in line with their terrible customer support I guess.
 
Logged in. Everything good. Re-verified my email, and it's all good.

JaseC said:
It doesn't count, really. Moderators are not in any way affiliated with Valve itself, as much as many of them pretend to be -- they know nothing more than any of us and are certainly in no position to speak in an official capacity. The grossly inflated sense of self-importance moderators on official forums tend to have is annoying, frankly -- such as when Darkspore went down for a few days a couple of years ago and a global mod posted an announcement that the game had been shut down, which was later replaced with an actual official announcement to the contrary by Maxis itself.
Click to expand...

I imagined it was something like this, but I didn't want to sound mean haha. But thanks, Jase!
 
What a load of bollocks. First the issue where someone forgot to put a null check on the reset password form and now this?

They really need to get their act together. :|

I've been logged into Steam all day(I tend to leave my computer on even if I'm not at it), but I haven't received any weird emails or anything so far.
 
I like to think that someone at valve got super drunk cause it's Christmas and accidentally press the wrong button.

He spill his beer all over his keyboard, then vomited on it and loss consciousness and then face planted on his keyboard and then it happened.
 
If you remember when people from the internet were calling to a doctor because they thought he had something to do with MGSV, and are okay with randoms having your private information, including telephone number and house address (where your children might live), then something is wrong with your priorities.
 
Snapshot King said:
Seriously though, I came home to a logged in steam. I have no idea what to do. I want to change my payment shit (delete it) but I can't be certain that that won't activate my personal stuff and cache it on google.

I bought a few things yesterday, does that count?
Click to expand...
Probably, Pat. If this was indeed a caching problem on Steam's end I doubt your data was evicted from cache within a day. So your stuff was probably as accessible as was mine for the entirety of this. Let's just hope with a cock-up like this Google gets its shit together and deletes whatever pages they cached and Valve tells us what was actually going on soon.
 
EdibleExplosives said:
So if I didn't log in during the time Steam was fucked, am I safe?
Click to expand...

If you didn't use the cart / account details pages (ie the ones that could be cached and had your personal info) in the time period a few hours prior too and during the issue - then you should in theory have nothing to worry about. It shouldn't be possible to actually do anything to the other persons account / buy stuff etc since the person will not be logged in under the same credentials, so when you attempt to do so you get a log in screen or error.

The big issue here is that it would have been possible for a nefarious party to perhaps screencap random peoples info over that period. This included either address, phone number, account name, email address, last 4 digits of card number - depending on the pages viewed.
 
DeadlyParasite said:
So I haven't signed in to steam at all today yet, is this a bad thing or what?
Click to expand...

We don't know. And given how Valve is on holiday (if they haven't gotten employees pulled to fix this yet) we won't know until Monday at the latest.

It's best to err on the side of caution and monitor your stuff/e-mails saying anything has changed if it's actions you yourself haven't done.
 
7DollarHagane said:
Just to be clear I'm not defending steam I'm just saying that compromised information isn't the hassle or nightmare people make it out to be. If someone wanted your address they could probably get it easier ways than hacking steam.

It's a total clusterfuck that shouldn't have happened but I'm just calling for people to be rational and realize that they aren't in any kind of real danger.
Click to expand...

But overzealous outrage is so much more fun! :(

All the people saying "I'm never using Steam again!" seem to forget the PSN hack, which was much much MUCH worse yet we all seem to be over that. *shrug*
 
Nzyme32 said:
If you didn't use the cart / account details pages (ie the ones that could be cached and had your personal info) in the time period a few hours prior too and during the issue - then you should in theory have nothing to worry about. It shouldn't be possible to actually do anything to the other persons account / buy stuff etc since the person will not be logged in under the same credentials, so when you attempt to do so you get a log in screen or error.

The big issue here is that it would have been possible for a nefarious party to perhaps screencap random peoples info over that period. This included either address, phone number, account name, email address, last 4 digits of card number - depending on the pages viewed.
Click to expand...

Alright thanks :)
 
Everything looks fine to my account now, i even farmed the cards, except if i go to edit my cc information and check if everything is ok it does not let me do it. I click edit, i choose my card and then it throws me back at steam "account details" page.
 
Toad King said:
But overzealous outrage is so much more fun! :(

All the people saying "I'm never using Steam again!" seem to forget the PSN hack, which was much much MUCH worse yet we all seem to be over that. *shrug*
Click to expand...

I honestly don't remember the PSN hack giving hackers my address information and telephone number. Seriously, did it?
 
Toad King said:
But overzealous outrage is so much more fun! :(

All the people saying "I'm never using Steam again!" seem to forget the PSN hack, which was much much MUCH worse yet we all seem to be over that. *shrug*
Click to expand...

I can understand their fears, though some of the reactions are odd, I can still understand where they are coming from. Companies do need to step-up their security game
 
I was hoping by the time I finished reading up on this post, Valve would have released a statement. Sad it did not.

I guess I will delete my payment information... Do these contain the saved billing address? That's the one I'm pissed off the most about; it was seriously possible to see a home address, phone number and e-mail address of a person through that.
 
Toad King said:
But overzealous outrage is so much more fun! :(

All the people saying "I'm never using Steam again!" seem to forget the PSN hack, which was much much MUCH worse yet we all seem to be over that. *shrug*
Click to expand...
It's not the Olympics of "who doxxed me first?"
It's shitty no matter how you cut it, and downplaying it is in super poor taste.
 
Nzyme32 said:
If you didn't use the cart / account details pages (ie the ones that could be cached and had your personal info) in the time period a few hours prior too and during the issue - then you should in theory have nothing to worry about. It shouldn't be possible to actually do anything to the other persons account / buy stuff etc since the person will not be logged in under the same credentials, so when you attempt to do so you get a log in screen or error.

The big issue here is that it would have been possible for a nefarious party to perhaps screencap random peoples info over that period. This included either address, phone number, account name, email address, last 4 digits of card number - depending on the pages viewed.
Click to expand...

When did the issue start? I was going through the recommendation page around noon and might have clicked on my cart, I'm not sure.
 
Echoing what others have said, stuff like this can happen. However, not notfifying your customers you are aware there is a problem, and that you're working on it is just not even remotely ok.
 
Toad King said:
But overzealous outrage is so much more fun! :(

All the people saying "I'm never using Steam again!" seem to forget the PSN hack, which was much much MUCH worse yet we all seem to be over that. *shrug*
Click to expand...

Much worse? Your info was publicly available to anyone who went to the steam website. And it was entirely valves fault, they didn't get hacked. Their own security system was shown to be trash. Plus the fact that earlier this year you could legit log onto ANY steam account without knowing it's password.... It's about time people stop worshipping valve as some god. They have massively fucked up twice now. They will have to earn peoples trust back.

The two aren't similair in any way, people need to stop bringing up the PSN hack as some kind of comparison or to diminish what is going on. Seriously. Your personal info was leaked to anyone. And again, in the same god damn year they had a bug where you could LOG anyone's account. Not even by "hacking" just leaving a the confirmation field blank and pressing enter. You could log any account. What the fuck.

It's insane how bad their security is.
 
True Fire said:
The most upsetting part of all of this is the fact that people will forgive Steam after a few weeks.
Click to expand...

Steam is not a person. You don't "forgive" a service. Don't be hyperbolic.


It's a discussion about security issues- Like Apple, Google, Sony and whatever else it is a constant scrutiny. Talk about it in the context of what it is.
 
Got back from a 2 day trip to find I couldn't log in to Steam on my ipad since my home internet went down again. Was wondering what could be wrong when my daughter texted me worried "dad, I'm reading a lot of stuff on Twitter about something going on with Steam right now". Ah well, not much else to do but play the waiting game.
 
Juan29.zapata said:
I honestly don't remember the PSN hack giving hackers my address information and telephone number. Seriously, did it?
Click to expand...

Sony's response

As stated above, Sony Network Entertainment America has not been able to conclude with certainty through the forensic analysis done to date that credit card information was not transferred from the PlayStation Network system. We know that for other personal information contained in the account database, the hacker made queries to the database, and the external forensics teams have seen large amounts of data transferred in response to those queries. Our forensics teams have not seen the queries and corresponding data transfers of the credit card information.
Click to expand...
 
Maxim726X said:
Just reading about this now... How would we know if our personal information was compromised?
Click to expand...
If the guess is right and its a caching problem, you probably don't.
Edit: I mean if you didn't access steam within the time period that cache started acting up or several hours before it - they could probably tell you that you weren't affected. But if you did, I don't see a way to find out.
 
You must log in or register to reply here.

Similar threads

PSYCHO DEAD | Gameplay Reveal Trailer (Third-person survival horror) [PS5, Steam]
23
150
Macattk15 replied
  • Poll
Steam users threaten to boycott Metal Eden for using AI voices
News Drama  2 3
117
1K
rkofan87 replied
Digimon Story Time Stranger debuts with over 70k concurrent users on Steam (~11x the launch CCU of Digimon Survive)
Sales-Age 
5
90
Liopleurodon replied
Steam hits 40m concurrent users.
3 4 5 6 7
300
16K
rodrigolfp replied
[The Verge] Xbox Ally pricing and preorders info coming today. [Update] Prices revealed: $999 Z2 Extreme; $599 Z2
7 8 9 10 11
544
1K
Duchess replied
Top Bottom