| Be Excellent To Each Other https://www.beexcellenttoeachother.com/forum/ |
|
| Steam Security Issue https://www.beexcellenttoeachother.com/forum/viewtopic.php?f=3&t=10650 |
Page 1 of 1 |
| Author: | Satsuma [ Fri Dec 25, 2015 21:58 ] |
| Post subject: | Steam Security Issue |
http://m.neogaf.com/showthread.php?t=1162196 Major security issue happening right now, apparently. If you go to your account information you get someone else's info. I've checked it out and tried to access my own details but I'm pulling completely different people. Fuck knows how you can pull your credit card information off their system if you can't even access your account. I don't know if any Steam users on here should do anything! Suggestions? |
|
| Author: | zaphod79 [ Fri Dec 25, 2015 22:02 ] |
| Post subject: | Re: Steam Security Issue |
Looks like they have now pulled access to it - I'd be interested in finding out what went wrong with it all - and how much they will come clean with it all |
|
| Author: | Satsuma [ Fri Dec 25, 2015 22:05 ] |
| Post subject: | Re: Steam Security Issue |
You sure? I'm still getting someone else's account details. |
|
| Author: | Satsuma [ Fri Dec 25, 2015 22:08 ] |
| Post subject: | Re: Steam Security Issue |
Just tried a mock purchase and it won't let me purchase at the basket. I can still see a different account's deets even if I log in and out. Weird shit. |
|
| Author: | zaphod79 [ Fri Dec 25, 2015 22:16 ] |
| Post subject: | Re: Steam Security Issue |
I tried the main apple app and it does not let me in , however going to the website (without logging in) gets random peoples info - usernames / phone numbers / steam balance and who knows what else - so its busted - they need to take it offline *now* |
|
| Author: | Satsuma [ Fri Dec 25, 2015 22:21 ] |
| Post subject: | Re: Steam Security Issue |
"People" saying its a cache issue (and a "cash" issue, AMIRITE!?) and the best course is to not interact with your account. It's not like you can change your credit deets so I suppose you just sit and wait to see if you've been fucked. |
|
| Author: | Hearthly [ Fri Dec 25, 2015 22:33 ] |
| Post subject: | Re: Steam Security Issue |
Hmm yes definitely something a bit dicky going on.... I can't bring up the Steam homepage at all in a browser, I can bring up Steam on my PC, but the Store is totally dead. I've got Steam Guard on my account (basically the mobile authenticator) so I'm hoping my account is secure, plus they do that 'email on access from a new device' thing by default now and have done for ages? Just have to watch how this one pans out from here on in I guess..... |
|
| Author: | Hearthly [ Fri Dec 25, 2015 22:36 ] |
| Post subject: | Re: Steam Security Issue |
Reddit: https://www.reddit.com/r/Steam/comments ... _on_steam/ |
|
| Author: | Doctor Glyndwr [ Fri Dec 25, 2015 23:52 ] |
| Post subject: | Re: Steam Security Issue |
zaphod79 wrote: Looks like they have now pulled access to it - I'd be interested in finding out what went wrong with it all - and how much they will come clean with it all At a guess: some fucked up cache somewhere that wasn't correctly session-scoped. Although why would it appear on Christmas day? That either suggests there's something date-specific about the bug, or load specific and Steam took a hammering today, or (shudder) Valve don't do prod freezes. |
|
| Author: | Doctor Glyndwr [ Fri Dec 25, 2015 23:53 ] |
| Post subject: | Re: Steam Security Issue |
Hearthly wrote: Hmm yes definitely something a bit dicky going on.... I can't bring up the Steam homepage at all in a browser, I can bring up Steam on my PC, but the Store is totally dead. . Probably been taken down in the emergency while they fix it. You couldn't leave it up in that state. |
|
| Author: | Hearthly [ Sat Dec 26, 2015 10:42 ] |
| Post subject: | Re: Steam Security Issue |
Caching issue is the official reason, no hack, they say. Attachment: steamo.JPG
|
|
| Author: | NervousPete [ Sat Dec 26, 2015 11:19 ] |
| Post subject: | Re: Steam Security Issue |
Crikey, wasn't online yesterday, barely ever am on Christmas Day, so I'm guessing as I wasn't logged in I wasn't affected, right? Still, major dropped ball from Steam there, heads will be a-rolling no doubt. |
|
| Author: | Hearthly [ Sat Dec 26, 2015 12:06 ] |
| Post subject: | Re: Steam Security Issue |
By all accounts nothing could actually be stolen/changed or otherwise mucked around with, any attempt to do so brought up some sort of 'this is not your account' message. That said if you read the thread on the Steam Forums others are claiming otherwise. I've done a once-over on my account, library, inventory, details etc and all is in order. My Steam account has a strong, unique password on it, and I've got the SteamGuard Mobile Authenticator, and email verification for when a new device accesses my account - so hopefully it should be OK. It's still a big fuck-up on Valve's part though. |
|
| Author: | myp [ Sat Dec 26, 2015 12:13 ] |
| Post subject: | Re: Steam Security Issue |
It's certainly a breach of the DPA, that's for sure. Wouldn't be surprised to see a class-action suit arise from this. |
|
| Author: | Satsuma [ Sat Dec 26, 2015 12:27 ] |
| Post subject: | Re: Steam Security Issue |
You could only have a class action in the UK and the states (as far as I know US law) if there was financial loss. The Information Commissioners Office in the UK could impose a fine for breach of the DPA. Might be tricky with Valve not being over here. i'm not sure what they could do about transatlantic companies. Must be a minefield. |
|
| Author: | Hearthly [ Fri Jan 01, 2016 11:27 ] |
| Post subject: | Re: Steam Security Issue |
Official statement from Valve now out. http://www.eurogamer.net/articles/2015- ... rs-details My reading of the situation is this: 1) If you weren't logged into Steam at all during the 'caching configuration error' then no one saw anything related to your account. 2) If you were logged into Steam at the time, other people may have seen cached account pages intended for you, this is limited to stuff like your Steam account name, the last few digits of your credit card/phone number, linked PayPal email address, real email address, purchase history. I fall into this category and I'm not too bothered, although not delighted either. 3) If you were making purchases at the time or had products in your cart, then other people may have seen your cart checkout screen, this is the most problematic one as it has real name, full address and full phone number on it, in addition to the cached screens that could have been seen in (2). If I were in this category I'd be somewhat narked. TotalBiscuit video here - |
|
| Author: | DavPaz [ Fri Jan 01, 2016 11:46 ] |
| Post subject: | Re: Steam Security Issue |
The Tom Scott was pretty concise |
|
| Author: | Hearthly [ Fri Jan 01, 2016 12:36 ] |
| Post subject: | Re: Steam Security Issue |
Oh I don't believe for one second anyone who says they got stuff bought on their account or password changed or anything like that, which is why I didn't even mention it above. (Plus it would mean that Valve have flat out lied in both of their statements.) The other thing here is that it was impossible to target whose details you saw, so it was just random people seeing other random people's account details - which lowers the risk area IMO. It's still not great on Valve's part though. |
|
| Page 1 of 1 | All times are UTC [ DST ] |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|