Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:

Steam Christmas Issues Explained

Steam News has an official statement on the problems on Steam on Christmas, explaining why some users were able to see details from other accounts. They explain the incidents stemmed from issues with a caching solution that was implemented to combat a denial of service attack, and offer the following outline of exactly what happened:

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam userís billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

View
26 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >

26. removed Dec 31, 2015, 19:57 harlock
 
* REMOVED *
This comment was deleted on Dec 31, 2015, 22:43.
 
Reply Quote Edit Delete Report
 
25. removed Dec 31, 2015, 19:31 RedEye9
 
* REMOVED *
This comment was deleted on Dec 31, 2015, 22:43.
 
Avatar 58135
 
"The Universe is under no obligation to make sense to you." Neil deGrasse Tyson
Reply Quote Edit Delete Report
 
24. removed Dec 31, 2015, 19:09 harlock
 
* REMOVED *
This comment was deleted on Dec 31, 2015, 22:44.
 
Reply Quote Edit Delete Report
 
23. Re: Steam Christmas Issues Explained Dec 31, 2015, 18:38 ZeroPike1
 
RedEye9 wrote on Dec 31, 2015, 16:16:
BitWraith wrote on Dec 31, 2015, 15:05:
Essentially this was a non-issue. People lost their shit over hashed out phone numbers and credit card numbers.

I'm sure Valve was caught off guard by the blow-back. In their eyes, nothing really happened.

+1, the usual suspects freaking out over nothing.
First world problems strike again.

In some payment cases it was shown to give out home addresses. If its such a non-issue then you would be ok posting your home address here along with your name. Not that I personally care to have it, but if its such a non-big deal then your ok with the idea so by all means go ahead.
 
Avatar 58207
 
Reply Quote Edit Delete Report
 
22. Re: Steam Christmas Issues Explained Dec 31, 2015, 16:16 RedEye9
 
BitWraith wrote on Dec 31, 2015, 15:05:
Essentially this was a non-issue. People lost their shit over hashed out phone numbers and credit card numbers.

I'm sure Valve was caught off guard by the blow-back. In their eyes, nothing really happened.

+1, the usual suspects freaking out over nothing.
First world problems strike again.
 
Avatar 58135
 
"The Universe is under no obligation to make sense to you." Neil deGrasse Tyson
Reply Quote Edit Delete Report
 
21. Re: Steam comms Dec 31, 2015, 15:31 Creston
 
Doombringer wrote on Dec 31, 2015, 10:43:
all the good press is because they butter us up with sales. Their support blows.

Yep, and their sales keep getting worse and worse (not their fault, I fully realize that publishers are pushing to keep their games priced higher for longer), so I do expect that wave of goodwill to start evaporating at some point.

Like harlock said, we've been getting fed bullshit for so long now that it's become the status quo.
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
20. Re: Steam Christmas Issues Explained Dec 31, 2015, 15:05 BitWraith
 
Essentially this was a non-issue. People lost their shit over hashed out phone numbers and credit card numbers.

I'm sure Valve was caught off guard by the blow-back. In their eyes, nothing really happened.
 
Avatar 57722
 
Big Box PC Game Collectors - https://www.facebook.com/groups/311204112360601/
Reply Quote Edit Delete Report
 
19. Re: Steam Christmas Issues Explained Dec 31, 2015, 11:28 HorrorScope
 
It's not easy getting answers from lawyers during the holiday season.

That said, I ordered my "I survived Steam's Christmas Fail" Tee, it's in the mail. Loud and proud.
 
Avatar 17232
 
Reply Quote Edit Delete Report
 
18. Steam comms Dec 31, 2015, 10:43 Doombringer
 
Steam's communications team sucks. Typical Valve in that regard. For a company that's as well-regarded as they are ... all the good press is because they butter us up with sales. Their support blows.

TB calls them out on this and I found his comments were on point. We've been giving Valve a pass on almost everything and ... sure, I love a Steam Sale, but they need better support, communications, accountability. No other major retailer would get so much glad-handing as Valve does.
 
Reply Quote Edit Delete Report
 
17. Re: Steam Christmas Issues Explained Dec 31, 2015, 10:26 RedEye9
 
Steam did everything they could and they did it in a timely manner. Nothing to see here.  
Avatar 58135
 
"The Universe is under no obligation to make sense to you." Neil deGrasse Tyson
Reply Quote Edit Delete Report
 
16. Re: Steam Christmas Issues Explained Dec 31, 2015, 09:28 harlock
 
they fucked up, they should have come clean as soon as it happened

amateur hour shit.. which is the norm nowadays, so everyone is like "whats the big deal?"

well the big deal is that you've gotten used to it.. you are comfortable with it.. you've "settled" for bullshit, and now you opened the door for it to get so much worse
 
Reply Quote Edit Delete Report
 
15. Re: Steam Christmas Issues Explained Dec 31, 2015, 08:47 theyarecomingforyou
 
Cutter wrote on Dec 30, 2015, 21:48:
Exactly. How hard is it to put out a statement to assuage fears? Steam is an excellent example of what's wrong with virtual monopolies and why everyone else and his dog wants a digital platform now too.
What? That's exactly what Valve has done here. I'm pleasantly surprised by how forthright Valve has been - the company took action to address the issue and explained to users the precise nature of the incident. It takes time to ascertain the exact nature of the issue, the legal ramifications and run it through the chain of command, especially when they're so busy with a sale like this.

Could Valve's response have been quicker? Absolutely, but it's still dramatically better than most companies manage. Shit happens but at least Valve is being open about it so that people can find out whether they're affected by this.

I hope that Valve offers protection and compensation to anyone adversely affected by this issue. I know that Sony offered fraud protection to those affected by its breach.
 
Avatar 22891
 
8700K @ 4.9GHz / Kraken X62 / 32GB DDR4
GTX 1080 Ti OC / Optane 900P
Reply Quote Edit Delete Report
 
14. Re: Steam Christmas Issues Explained Dec 31, 2015, 06:07 Luke
 
Steam : bla bla
All the zombies : OK

Fucking spyware
 
Reply Quote Edit Delete Report
 
13. Re: Steam Christmas Issues Explained Dec 31, 2015, 05:34 El Pit
 
ZeroPike1 wrote on Dec 31, 2015, 05:21:
El Pit wrote on Dec 31, 2015, 05:14:
ZeroPike1 wrote on Dec 31, 2015, 03:51:
When this happened all they had to do was even put up a Steam service is down due to technical issues message.

Helo, Staem is doun for mandenanse. Ve are sory ve haev sirius teknikal prolbems. Pliese iknor anny confedentail infromatoin of other usrs you cann sea hear. You're info iss saif with uss!

I assume your making fun of a person with bad English typing a fake message into Steam. Not creative and you wasted your time. Even more so the facts show it was at worse a DDoS which is not hacking. Its an annoyance tool and a system destroyer at worst, not a Hacker.

Sory me is for yuo nod speaking funy. I hev gate bisiness oportunitee for yu. If yuo gif me your akount nummber, I vil sent you monney.

Yur frennds from Staem!

DON'T DO IT!

https://youtu.be/IlMoDUBIg00

This comment was edited on Dec 31, 2015, 05:39.
 
They're waiting for you, Gabe, in the test chamber!
Reply Quote Edit Delete Report
 
12. Re: Steam Christmas Issues Explained Dec 31, 2015, 05:21 ZeroPike1
 
El Pit wrote on Dec 31, 2015, 05:14:
ZeroPike1 wrote on Dec 31, 2015, 03:51:
When this happened all they had to do was even put up a Steam service is down due to technical issues message.

Helo, Staem is doun for mandenanse. Ve are sory ve haev sirius teknikal prolbems. Pliese iknor anny confedentail infromatoin of other usrs you cann sea hear. You're info iss saif with uss!

I assume your making fun of a person with bad English typing a fake message into Steam. Not creative and you wasted your time. Even more so the facts show it was at worse a DDoS which is not hacking. Its an annoyance tool and a system destroyer at worst, not a Hacker.
 
Avatar 58207
 
Reply Quote Edit Delete Report
 
11. Re: Steam Christmas Issues Explained Dec 31, 2015, 05:14 El Pit
 
ZeroPike1 wrote on Dec 31, 2015, 03:51:
When this happened all they had to do was even put up a Steam service is down due to technical issues message.

Helo, Staem is doun for mandenanse. Ve are sory ve haev sirius teknikal prolbems. Pliese iknor anny confedentail infromatoin of other usrs you cann sea hear. You're info iss saif with uss!
 
They're waiting for you, Gabe, in the test chamber!
Reply Quote Edit Delete Report
 
10. Re: Steam Christmas Issues Explained Dec 31, 2015, 05:03 InBlack
 
Ho ho ho!  
Avatar 46994
 
I have a nifty blue line!
Reply Quote Edit Delete Report
 
9. Re: Steam Christmas Issues Explained Dec 31, 2015, 03:51 ZeroPike1
 
When this happened all they had to do was even put up a Steam service is down due to technical issues message. Instead they did something scary like let word of mouth get to people, and fearing account information is being stolen.

Load up steam, store is down or acting funny. Check around with friends and websites, it goes from DDoS attack, to Header caching problem, to a hacker attack thanks to the new form of Cyber Terrorism of hacking for the lulz.

That is what actually happened that day to anybody that gives a fly about there growing expensive Steam accounts. And to somebody not wanting to share payment details to just anybody.

5-Days to get to the very bottom of what happened? ok that's fine. But day one, Soon as they knew there was something going on, there should have been at least a warning or something official. Not second hand guessing as it was off a Google search like I was doing.
 
Avatar 58207
 
Reply Quote Edit Delete Report
 
8. Re: Steam Christmas Issues Explained Dec 31, 2015, 03:24 NKD
 
BIGtrouble77 wrote on Dec 31, 2015, 01:47:
Highly unlikely that the "caching partner" (most likely Akamai) will have any data on this. They are optimized for performance, not logging something that's virtually impossible to log anyway.

I think Valve added that last comment knowing fully it's BS.

Not necessarily. When discovering the issue, they could well have requested that Akamai store the current cache to inspect later. You're correct that, in normal circumstances, there would be no long term retention of data. But the fact that this was caught while it was ongoing means they could certainly have had Akamai freeze that data. At that point it's just a matter of sifting through it and hopefully finding a nice automated way of identifying which user accounts go with what cached pages.
 
Avatar 43041
 
Welcome to the Retirement Home for Old People Terrified Of Change
Reply Quote Edit Delete Report
 
7. Re: Steam Christmas Issues Explained Dec 31, 2015, 01:47 BIGtrouble77
 
Highly unlikely that the "caching partner" (most likely Akamai) will have any data on this. They are optimized for performance, not logging something that's virtually impossible to log anyway.

I think Valve added that last comment knowing fully it's BS.
 
Avatar 20018
 
Reply Quote Edit Delete Report
 
26 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >


footer

Blue's News logo