Steam security issue revealed personal info to other users on XMas Day (fixed)

Well, the 10 cents in my Steam wallet are gone. Not that I would be sad over that, but well, it means someone definitely saw the info I had there.

Nothing odd in order history or email though.

Check your purchase history.
You should be able to see if anyone has made any purchases.

EDIT: Derp. Missed that you mentioned your order history. Maybe it's just the servers still being janky, then.
 
But that's not really the case from what I understand. It's just name, address, phone number, last four digits of CC, right? No passwords or usernames? You don't need to be scared about your games.

People have been reporting that their PayPal accounts have been emptied and charges made to their payment method on Steam; being worried is entirely natural when not a lot of information is out there except for the fact that something is messed up.
 
Yeah, I'm not starting Steam until an official response.

 
That bolded stuff is way more fucking important than access to the games.

All of that you can find in a phonebook though. The worst part is partial CC information, which while not as bad as an actual hack is still easy to use to get access to accounts elsewhere.

Maybe companies will stop taking partial CC info as identifying information in the future, but lol
 
I don't understand people who are immediately logging on right now when we've had no official statement about what happened.
 
Able to open Steam and log back in.
Nothing missing from my wallet and no purchases/activity on my account besides recent selling of trading cards to idiots, so lucky escape it seems.
 
For folks with PayPal linked to Valve, go log in to PayPal and unauthorize Steam from the list of approved merchants. Should at least keep that portion safe. Glad I took my CC's down years ago. Will only do pre-paid cards from now on.

Also, will this be the kick in the nuts for Valve to improve their terrible customer service department? They are a multi-billion revenue business and their CS operates like it's a volunteer position. Time to step up to Amazon levels, damn it Valve.
 
What some are speculating is that due to some misconfiguration, pages that shouldn't be cached are ending up being cached anyway. I don't think anyone's saying that's how it should work, just trying to figure out what makes sense given what we're seeing.
Having configured plenty of caching and CDN services (not just Akamai and Varnish, but xCache, WP Total Cache, Litespeed, and CloudFlare) I do not think it's a "misconfiguration". You don't go into a cache software's .config or what have you and go "oops I just accidentally allowed everyone to see other people's info".

People who are being told it's caching are probably being misled. I could very well be wrong but this isn't what happens when a caching service goes down or gets "Misconfigured".

At best if it IS caching, then it means Steam has been caching unencrypted customer information at remote servers and/or at their local server, which is a massive no-no for PCI compliance and CC processing standards.
 
You don't understand how caching works, do you? I used to install various caching options (including Akamai CDN which is external as well as Varnish which is a software caching service installed on the server) all the time.

The behavior seen today is not something that happens because of caching.

Caching for dynamic user related content is a no go per se. If someone pushed a new version of the account page with caching enabled it could cause this problem. It would also explain why people saw the same subset of users. Those poor guys were the first to open the new account page and for every respective server they hit they became the cached page.
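The scenario the post above describes, as an added example that is not part of the thread: a toy Python model of edge caches that key on the URL path only (an assumption of this sketch, as are the user names and the `/account/` path), showing how the first visitor to each edge becomes the page everyone else on that edge is shown, and how marking the response `private, no-store` at the origin prevents it.

```python
# Toy model (constructed for illustration): edge caches in front of /account/.
# Assumption: each edge keys its cache on the URL path only and ignores cookies.

def origin(user, mark_private):
    """Render the per-user account page and choose its Cache-Control header."""
    header = "private, no-store" if mark_private else "public, max-age=300"
    return {"owner": user, "cache_control": header}

def cacheable(cache_control):
    """A shared cache must not store responses marked private or no-store."""
    directives = {d.strip().split("=")[0].lower() for d in cache_control.split(",")}
    return not directives & {"private", "no-store"}

class EdgeCache:
    def __init__(self, mark_private):
        self.mark_private = mark_private
        self.store = {}  # path -> stored response

    def get(self, path, user):
        if path in self.store:
            # Cache hit: the requester's session is never consulted.
            return self.store[path]["owner"]
        resp = origin(user, self.mark_private)
        if cacheable(resp["cache_control"]):
            self.store[path] = resp
        return resp["owner"]

def simulate(mark_private, requests, edges=2):
    """Return, per request, whose account page the requester was shown."""
    nodes = [EdgeCache(mark_private) for _ in range(edges)]
    return [nodes[edge].get("/account/", user) for user, edge in requests]

# Constructed traffic: (logged-in user, edge node that served the request).
REQUESTS = [("alice", 0), ("bob", 1), ("carol", 0), ("dave", 1), ("erin", 0)]

if __name__ == "__main__":
    print("cacheable header:", simulate(False, REQUESTS))
    print("private header:  ", simulate(True, REQUESTS))
```
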
 
My Steam is always logged in. Am I fucked?

Probably no more fucked than anyone else. No one is yet sure who was able to access what other people's info, or if there was any rhyme or reason to it. So it essentially comes down to a) did anyone manage to get your page in the lottery during the hour the site was up, and b) did they do anything with your account. I don't think being logged in or not affected anything; if it was indeed a cache issue (jury's still out), it would depend on whether you accessed your own account details recently, and what the definition of "recently" is to Steam's server cache.
 
I can confirm that nothing got charged on my account, and that no other accounts have been created with my information. I will keep an eye out to make sure no accounts are created.

I highly recommend that anyone using PayPal for Steam purchases use the PayPal security key. It uses two-factor authentication, so not only do you have to log in using your password but also a key you receive via text message.
 
Got my account info up now. All anyone could see was the last two letters of my Visa card, country, & one of my email addresses... While not ideal, it could've been a lot worse.

Nothing unusual in the purchase history, and no difference in account funds, but I've deleted my CC info.
 
I don't understand people who are immediately logging on right now when we've had no official statement about what happened.

Even if you still need to put the security number, I really want to go in and take my credit card info and other important information out now.

But I'm also scared to do it now because we don't really know if this could still be a problem.
Waiting to see what other people are doing.

But then, it's Valve, maybe we are going to wait some days before an official response because they have monkeys working in some departments there.
 
What's up with people so invested in running damage control on Valve's behalf
I feel like there's a joke to be made here about Valve's tendency to promote user-created content, but I don't have the wit to come up with it.

Anyway, is it safe to log back on or no? I was hoping to play some games, not really planning to buy anything right now.
 
During login I got "Verifying login credentials" or something like that, gets stuck then gives a connection error. I've restarted the client and now everything seems normal though.

Might be an idiot for doing this but I suppose Valve fixed the leak when they rebooted the entire thing.

Hopefully.
 
So if I have a credit card linked to my account, do I need to cancel my card? I haven't been logged in since Tuesday and haven't logged in today, am I okay? Maybe I should wait for the whole thing to calm down.
 
I barely use Steam and the last time I logged in is months ago. But I still checked my mails and the latest one was from the Steam Store.


A game on my wishlist is on sale.

 
I kind of hope this doesn't just blow over for Valve. Can't have them thinking they can just keep coasting on their good name.
 
Well between playing computer games and protecting myself from identity theft I know which one I'd pick.

Again, I predict that your personal details have been breached at least twice before today.

I kind of hope this doesn't just blow over for Valve. Can't have them thinking they can just keep coasting on their good name.

It's looking like it's more or less all over after three hours, and therefore it'll be completely forgotten about before the new year.
 
I can confirm that nothing got charged on my account, and that no other accounts have been created with my information. I will keep an eye out to make sure no accounts are created.

I highly recommend that anyone using PayPal for Steam purchases use the PayPal security key. It uses two-factor authentication, so not only do you have to log in using your password but also a key you receive via text message.

That seems rather excessive considering your PayPal password is not stored in Steam at any time. The only thing exposed related to PayPal is your PayPal email address and your related personal info.
 