Steam Christmas Issues Explained

Steam News has an official statement on the problems on Steam on Christmas, explaining why some users were able to see details from other accounts. They explain the incidents stemmed from issues with a caching solution that was implemented to combat a denial of service attack, and offer the following outline of exactly what happened:
On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.
View : : :
26 Replies. 2 pages. Viewing page 1.
Newer [  1  2  ] Older
26.
 
removed
Dec 31, 2015, 19:57
26.
removed Dec 31, 2015, 19:57
Dec 31, 2015, 19:57
 
* REMOVED *
This comment was deleted on Dec 31, 2015, 22:43.
25.
 
removed
Dec 31, 2015, 19:31
25.
removed Dec 31, 2015, 19:31
Dec 31, 2015, 19:31
 
* REMOVED *
This comment was deleted on Dec 31, 2015, 22:43.
A mask is not a political statement.
It's an IQ test.
It's a compassion test.
It's a decency test.
It's a social responsibility test.
Avatar 58135
24.
 
removed
Dec 31, 2015, 19:09
24.
removed Dec 31, 2015, 19:09
Dec 31, 2015, 19:09
 
* REMOVED *
This comment was deleted on Dec 31, 2015, 22:44.
23.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 18:38
23.
Re: Steam Christmas Issues Explained Dec 31, 2015, 18:38
Dec 31, 2015, 18:38
 
RedEye9 wrote on Dec 31, 2015, 16:16:
BitWraith wrote on Dec 31, 2015, 15:05:
Essentially this was a non-issue. People lost their shit over hashed out phone numbers and credit card numbers.

I'm sure Valve was caught off guard by the blow-back. In their eyes, nothing really happened.

+1, the usual suspects freaking out over nothing.
First world problems strike again.

In some payment cases it was shown to give out home addresses. If its such a non-issue then you would be ok posting your home address here along with your name. Not that I personally care to have it, but if its such a non-big deal then your ok with the idea so by all means go ahead.
Avatar 58207
22.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 16:16
22.
Re: Steam Christmas Issues Explained Dec 31, 2015, 16:16
Dec 31, 2015, 16:16
 
BitWraith wrote on Dec 31, 2015, 15:05:
Essentially this was a non-issue. People lost their shit over hashed out phone numbers and credit card numbers.

I'm sure Valve was caught off guard by the blow-back. In their eyes, nothing really happened.

+1, the usual suspects freaking out over nothing.
First world problems strike again.
A mask is not a political statement.
It's an IQ test.
It's a compassion test.
It's a decency test.
It's a social responsibility test.
Avatar 58135
21.
 
Re: Steam comms
Dec 31, 2015, 15:31
21.
Re: Steam comms Dec 31, 2015, 15:31
Dec 31, 2015, 15:31
 
Doombringer wrote on Dec 31, 2015, 10:43:
all the good press is because they butter us up with sales. Their support blows.

Yep, and their sales keep getting worse and worse (not their fault, I fully realize that publishers are pushing to keep their games priced higher for longer), so I do expect that wave of goodwill to start evaporating at some point.

Like harlock said, we've been getting fed bullshit for so long now that it's become the status quo.
Avatar 15604
20.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 15:05
20.
Re: Steam Christmas Issues Explained Dec 31, 2015, 15:05
Dec 31, 2015, 15:05
 
Essentially this was a non-issue. People lost their shit over hashed out phone numbers and credit card numbers.

I'm sure Valve was caught off guard by the blow-back. In their eyes, nothing really happened.
Avatar 57722
19.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 11:28
19.
Re: Steam Christmas Issues Explained Dec 31, 2015, 11:28
Dec 31, 2015, 11:28
 
It's not easy getting answers from lawyers during the holiday season.

That said, I ordered my "I survived Steam's Christmas Fail" Tee, it's in the mail. Loud and proud.
Avatar 17232
18.
 
Steam comms
Dec 31, 2015, 10:43
18.
Steam comms Dec 31, 2015, 10:43
Dec 31, 2015, 10:43
 
Steam's communications team sucks. Typical Valve in that regard. For a company that's as well-regarded as they are ... all the good press is because they butter us up with sales. Their support blows.

TB calls them out on this and I found his comments were on point. We've been giving Valve a pass on almost everything and ... sure, I love a Steam Sale, but they need better support, communications, accountability. No other major retailer would get so much glad-handing as Valve does.
17.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 10:26
17.
Re: Steam Christmas Issues Explained Dec 31, 2015, 10:26
Dec 31, 2015, 10:26
 
Steam did everything they could and they did it in a timely manner. Nothing to see here.
A mask is not a political statement.
It's an IQ test.
It's a compassion test.
It's a decency test.
It's a social responsibility test.
Avatar 58135
16.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 09:28
16.
Re: Steam Christmas Issues Explained Dec 31, 2015, 09:28
Dec 31, 2015, 09:28
 
they fucked up, they should have come clean as soon as it happened

amateur hour shit.. which is the norm nowadays, so everyone is like "whats the big deal?"

well the big deal is that you've gotten used to it.. you are comfortable with it.. you've "settled" for bullshit, and now you opened the door for it to get so much worse
15.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 08:47
15.
Re: Steam Christmas Issues Explained Dec 31, 2015, 08:47
Dec 31, 2015, 08:47
 
Cutter wrote on Dec 30, 2015, 21:48:
Exactly. How hard is it to put out a statement to assuage fears? Steam is an excellent example of what's wrong with virtual monopolies and why everyone else and his dog wants a digital platform now too.
What? That's exactly what Valve has done here. I'm pleasantly surprised by how forthright Valve has been - the company took action to address the issue and explained to users the precise nature of the incident. It takes time to ascertain the exact nature of the issue, the legal ramifications and run it through the chain of command, especially when they're so busy with a sale like this.

Could Valve's response have been quicker? Absolutely, but it's still dramatically better than most companies manage. Shit happens but at least Valve is being open about it so that people can find out whether they're affected by this.

I hope that Valve offers protection and compensation to anyone adversely affected by this issue. I know that Sony offered fraud protection to those affected by its breach.
"The price of freedom is eternal vigilance."
Avatar 22891
14.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 06:07
14.
Re: Steam Christmas Issues Explained Dec 31, 2015, 06:07
Dec 31, 2015, 06:07
 
Steam : bla bla
All the zombies : OK

Fucking spyware
13.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 05:34
El Pit
 
13.
Re: Steam Christmas Issues Explained Dec 31, 2015, 05:34
Dec 31, 2015, 05:34
 El Pit
 
ZeroPike1 wrote on Dec 31, 2015, 05:21:
El Pit wrote on Dec 31, 2015, 05:14:
ZeroPike1 wrote on Dec 31, 2015, 03:51:
When this happened all they had to do was even put up a Steam service is down due to technical issues message.

Helo, Staem is doun for mandenanse. Ve are sory ve haev sirius teknikal prolbems. Pliese iknor anny confedentail infromatoin of other usrs you cann sea hear. You're info iss saif with uss!

I assume your making fun of a person with bad English typing a fake message into Steam. Not creative and you wasted your time. Even more so the facts show it was at worse a DDoS which is not hacking. Its an annoyance tool and a system destroyer at worst, not a Hacker.

Sory me is for yuo nod speaking funy. I hev gate bisiness oportunitee for yu. If yuo gif me your akount nummber, I vil sent you monney.

Yur frennds from Staem!

DON'T DO IT!

https://youtu.be/IlMoDUBIg00

This comment was edited on Dec 31, 2015, 05:39.
"There is no right life in the wrong one." (Theodor W. Adorno, philosopher)
"Only a Sith deals in absolutes." (Obi-Wan Kenobi, Jedi)
12.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 05:21
12.
Re: Steam Christmas Issues Explained Dec 31, 2015, 05:21
Dec 31, 2015, 05:21
 
El Pit wrote on Dec 31, 2015, 05:14:
ZeroPike1 wrote on Dec 31, 2015, 03:51:
When this happened all they had to do was even put up a Steam service is down due to technical issues message.

Helo, Staem is doun for mandenanse. Ve are sory ve haev sirius teknikal prolbems. Pliese iknor anny confedentail infromatoin of other usrs you cann sea hear. You're info iss saif with uss!

I assume your making fun of a person with bad English typing a fake message into Steam. Not creative and you wasted your time. Even more so the facts show it was at worse a DDoS which is not hacking. Its an annoyance tool and a system destroyer at worst, not a Hacker.
Avatar 58207
11.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 05:14
El Pit
 
11.
Re: Steam Christmas Issues Explained Dec 31, 2015, 05:14
Dec 31, 2015, 05:14
 El Pit
 
ZeroPike1 wrote on Dec 31, 2015, 03:51:
When this happened all they had to do was even put up a Steam service is down due to technical issues message.

Helo, Staem is doun for mandenanse. Ve are sory ve haev sirius teknikal prolbems. Pliese iknor anny confedentail infromatoin of other usrs you cann sea hear. You're info iss saif with uss!
"There is no right life in the wrong one." (Theodor W. Adorno, philosopher)
"Only a Sith deals in absolutes." (Obi-Wan Kenobi, Jedi)
10.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 05:03
10.
Re: Steam Christmas Issues Explained Dec 31, 2015, 05:03
Dec 31, 2015, 05:03
 
Ho ho ho!
I have a nifty blue line!
Avatar 46994
9.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 03:51
9.
Re: Steam Christmas Issues Explained Dec 31, 2015, 03:51
Dec 31, 2015, 03:51
 
When this happened all they had to do was even put up a Steam service is down due to technical issues message. Instead they did something scary like let word of mouth get to people, and fearing account information is being stolen.

Load up steam, store is down or acting funny. Check around with friends and websites, it goes from DDoS attack, to Header caching problem, to a hacker attack thanks to the new form of Cyber Terrorism of hacking for the lulz.

That is what actually happened that day to anybody that gives a fly about there growing expensive Steam accounts. And to somebody not wanting to share payment details to just anybody.

5-Days to get to the very bottom of what happened? ok that's fine. But day one, Soon as they knew there was something going on, there should have been at least a warning or something official. Not second hand guessing as it was off a Google search like I was doing.
Avatar 58207
8.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 03:24
NKD
8.
Re: Steam Christmas Issues Explained Dec 31, 2015, 03:24
Dec 31, 2015, 03:24
NKD
 
BIGtrouble77 wrote on Dec 31, 2015, 01:47:
Highly unlikely that the "caching partner" (most likely Akamai) will have any data on this. They are optimized for performance, not logging something that's virtually impossible to log anyway.

I think Valve added that last comment knowing fully it's BS.

Not necessarily. When discovering the issue, they could well have requested that Akamai store the current cache to inspect later. You're correct that, in normal circumstances, there would be no long term retention of data. But the fact that this was caught while it was ongoing means they could certainly have had Akamai freeze that data. At that point it's just a matter of sifting through it and hopefully finding a nice automated way of identifying which user accounts go with what cached pages.
Thou art an artless, greasy tallow-catch.
Avatar 43041
7.
 
Re: Steam Christmas Issues Explained
Dec 31, 2015, 01:47
7.
Re: Steam Christmas Issues Explained Dec 31, 2015, 01:47
Dec 31, 2015, 01:47
 
Highly unlikely that the "caching partner" (most likely Akamai) will have any data on this. They are optimized for performance, not logging something that's virtually impossible to log anyway.

I think Valve added that last comment knowing fully it's BS.
Avatar 20018
26 Replies. 2 pages. Viewing page 1.
Newer [  1  2  ] Older