• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Steam security issue revealed personal info to other users on XMas Day (fixed)

Thank you guys. I just reported my card as 'stolen' to block future purchases through my banks automated system. I'd advise you all to do the same if yours has the option to do that.
 

Sn4ke_911

If I ever post something in Japanese which I don't understand, please BAN me.
Why are people now trying to delete and mess with other people's stuff? just log out of steam and wait until it's fixed. Jesus.
 

Saiyan-Rox

Member
If Valve does do compensation, I would laugh my ass off if they gave everyone TF2.


latest

.
 
How hard is it to just fucking shut off outside access to steam while this massive clusterfuck is going on? Jesus Christ Valve. This is unbelievable.
 

RoyalFool

Banned
Except I just deleted some ones CC one someones account

If it also sends the session cookie with the cache, it's not just showing you the page but effectively logging you in as them bypassing all security. The only saving grace is the cache is updating so rapidly by the time you submit it fails 99% of the time as it's already serving up a new cached page from someone else thus your cookie gets rejected
 

furfoots

Member
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

BS. I can view addresses and phone numbers from registered CCs.
 
I get that this is sort of embarrassing but whats the problem? No one can actually see your important info. All the profiles just show "card ending in xxxx-1234" or "phone number ending 1234". The security measures are actually working here.

Last 4 digits is often enough for social engineering attacks (assuming you have emails, addresses, etc - no where could you get that here).
 

taco543

Member
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

Except I made it all the way to the purchase confirmation page on someones account with no passwords entered, and that many others have had games bought with their accounts, and that also many people have had their info changed... so this post is invalid.
 
It's not as bad as the PSN debacle, but it really is bad. Valve certainly isn't done, but the developer that pushed this live might be.

It's worse. Depending how long this has been active for people could have lost millions that Valve will have to compensate for.
 
I can confirm that you can indeed see people's real names and credit card billing addresses. Full phone numbers too.

SHUT IT DOWN VALVE. SHUT IT THE FUCK DOWN.
 

hitmon

Member
So I tried logging in on the browser prior to finding out about this and the recommendation to avoid steam altogether.. Is my account screwed?
 

Easy_D

never left the stone age
I don't think they can change your email without going through Steam guard.



Just don't save payment information, that's the smartest thing to do on any website.

Yeah but I put it up there for the holiday sale and forgot to remove it after buying the few games I wanted. I wish Valve just had a "hook up directly to bank account" payment option, just use the mobile bankID app and presto. Easy, fast and safe.

Edit: Apparently playing an online game prevents anyone from logging into your account per /r/Steam Moderator. So I'm just gonna play some Chivalry and murder nubs until this blows over.
 

gofreak

GAF's Bob Woodward
So I'm either in someone else's shopping cart or someone else has put things in mine. The username in the top right is my own.

Can't access my account information though, just keeps asking me to login.
 

Dispatch

Member
I just removed the option for Valve to automatically receive payments from PayPal.

Is this the worst security breach in gaming history?
 

Bread

Banned
How does something like this even happen...Fuck valve this is screwed up I better not get anything charged to my card.
 

Joqu

Member
I can confirm that you can indeed see people's real names and credit card billing addresses.

SHUT IT DOWN VALVE. SHUT IT THE FUCK DOWN.

THIS THIS THIS. I've logged out and I hope that did the trick but come on man. Why the fuck are things still up??? This is insane
 
Top Bottom