Major security issue happening right now, apparently. If you go to your account information you get someone else's info. I've checked it out and tried to access my own details but I'm pulling completely different people.
Fuck knows how you can pull your credit card information off their system if you can't even access your account.
I don't know if any Steam users on here should do anything! Suggestions?
Looks like they have now pulled access to it - I'd be interested in finding out what went wrong with it all - and how much they will come clean with it all
I tried the main apple app and it does not let me in , however going to the website (without logging in) gets random peoples info - usernames / phone numbers / steam balance and who knows what else - so its busted - they need to take it offline *now*
"People" saying its a cache issue (and a "cash" issue, AMIRITE!?) and the best course is to not interact with your account. It's not like you can change your credit deets so I suppose you just sit and wait to see if you've been fucked.
Hmm yes definitely something a bit dicky going on.... I can't bring up the Steam homepage at all in a browser, I can bring up Steam on my PC, but the Store is totally dead.
I've got Steam Guard on my account (basically the mobile authenticator) so I'm hoping my account is secure, plus they do that 'email on access from a new device' thing by default now and have done for ages?
Just have to watch how this one pans out from here on in I guess.....
Looks like they have now pulled access to it - I'd be interested in finding out what went wrong with it all - and how much they will come clean with it all
At a guess: some fucked up cache somewhere that wasn't correctly session-scoped. Although why would it appear on Christmas day? That either suggests there's something date-specific about the bug, or load specific and Steam took a hammering today, or (shudder) Valve don't do prod freezes.
Hmm yes definitely something a bit dicky going on.... I can't bring up the Steam homepage at all in a browser, I can bring up Steam on my PC, but the Store is totally dead. .
Probably been taken down in the emergency while they fix it. You couldn't leave it up in that state.
Joined: 30th Mar, 2008 Posts: 8019 Location: Cardiff
Crikey, wasn't online yesterday, barely ever am on Christmas Day, so I'm guessing as I wasn't logged in I wasn't affected, right? Still, major dropped ball from Steam there, heads will be a-rolling no doubt.
By all accounts nothing could actually be stolen/changed or otherwise mucked around with, any attempt to do so brought up some sort of 'this is not your account' message.
That said if you read the thread on the Steam Forums others are claiming otherwise.
I've done a once-over on my account, library, inventory, details etc and all is in order.
My Steam account has a strong, unique password on it, and I've got the SteamGuard Mobile Authenticator, and email verification for when a new device accesses my account - so hopefully it should be OK.
You could only have a class action in the UK and the states (as far as I know US law) if there was financial loss.
The Information Commissioners Office in the UK could impose a fine for breach of the DPA. Might be tricky with Valve not being over here. i'm not sure what they could do about transatlantic companies. Must be a minefield.
1) If you weren't logged into Steam at all during the 'caching configuration error' then no one saw anything related to your account.
2) If you were logged into Steam at the time, other people may have seen cached account pages intended for you, this is limited to stuff like your Steam account name, the last few digits of your credit card/phone number, linked PayPal email address, real email address, purchase history. I fall into this category and I'm not too bothered, although not delighted either.
3) If you were making purchases at the time or had products in your cart, then other people may have seen your cart checkout screen, this is the most problematic one as it has real name, full address and full phone number on it, in addition to the cached screens that could have been seen in (2). If I were in this category I'd be somewhat narked.
Oh I don't believe for one second anyone who says they got stuff bought on their account or password changed or anything like that, which is why I didn't even mention it above. (Plus it would mean that Valve have flat out lied in both of their statements.)
The other thing here is that it was impossible to target whose details you saw, so it was just random people seeing other random people's account details - which lowers the risk area IMO.
Users browsing this forum: Columbo, The Greys and 0 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum