Update 2: Last night’s problem with the caching system on Steam which dished out user information has now been resolved. A statement was finally released in the support thread which appeared yesterday evening.
“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
Great to hear this has all been cleared up but once again the response from Valve comes after the event and not during. This always has users speculating about the cause and safety of the Steam’s systems. It’s probably about time Valve came up with a better way to tell Steam users directly about problems as they happen and not rely on the community to spread the message which usually gets twisted along the way.
Update 1: The issue has apparently been resolved but there is still no official update from Valve so we still advise some caution.
If there was ever a time you don’t want things to go wrong it’s on Christmas day but frustratingly for Steam users there’s a major problem with Steam and you should all stay off it.
First of all I just want to say it’s unacceptable that Valve have not posted any information about this security problem and they should be held to account for any problems this may cause their customers.
What appears to have happened in the last few hours is a caching system on their servers has activated in areas that should not be cached, specifically user account information pages. Users have found that when accessing their own account information they are seeing other customer’s information such as name, email addresses and addresses.
It doesn’t appear that credit card information is being displayed or that unauthorised users can charge or take anything from accounts. It is still serious as all user information should be deemed sensative. Information that can be seen includes:
- Connected Credit card number last 2* digits
- Steam account username
- Community profile
- Email connected to the account
- Steam guard on/off
- Email of the paypal account
- Last 4 digits of phone number
- Family shared connected accounts/devices
- Purchase history
The advice right now is not to open Steam in a browser you may be logged in with and do not use the Steam client store tab. To be safe, our advice is to keep off Steam until Valve get off their backsides and release some official update.
As this is a serious issue we are setting this as the main feature image until this is resolved.