
Steam security issue revealed personal info to other users on XMas Day (fixed)

Usobuko

Banned
A small company, right...
They are estimated to be worth billions of dollars (2-4 billion $ according to a Forbes staff article).
It is purely their decision as a for-profit commercial corporation not to hire more staff.
Your post is more damning than helping Valve, because it is implying that despite their huge profits they are still not willing to spend a portion of it on proper customer support staff.

IIRC, that valuation is from a few years ago. Valve's user base has grown much more since, with Dota 2 and CS leading the charge. Not to mention the growth of PC gaming in general and the various, more robust monetary schemes (trading cards) in place than before.

Valve is tremendously loaded. Valve is inadequately staffed by choice. Gabe once compared the profits per employee and said Valve is better than Google in this metric. It's basically that Valve likes to have their cake and eat it.

It was just in this very thread that you had people asking for patience with a big company like Valve, which is ironic because it seems both categories suit them whenever it is convenient. Far too many people see PC gaming and Steam as one, when there are other services and hemispheres around.

Like I said, I will happily pay a premium to buy shares of Valve if they are publicly traded. Incredible branding it has forged in such a short time. I would like to board the Valve train, Gabe. Please.
 
I hope we see some actual journalism into WTF happened here instead of the usual pass given to Valve. It's amazing how running good value sales has given them a pass for terrible customer service for years. If leaking PII and a weak sauce statement about how you couldn't spend someone else's money so it's all cool doesn't get hauled over the coals, what will?

Oh and a major e-commerce vendor like Valve doesn't have Christmas; the staff responsible for payments and ensuring all those Steam cards are able to be redeemed are all there. 'It was Christmas' is no more an excuse for Valve's shitty response than it is for the incident itself.
 

Keihart

Member
Maybe Valve hired some storm troopers.

Did this only affect those who connected to Steam while it was happening?
I didn't log in while this was happening.
 

cyba89

Member
Maybe Valve hired some storm troopers.

Did this only affect those who connected to Steam while it was happening?
I didn't log in while this was happening.

We don't have anything official from Valve, but it was a caching issue and by that very likely only affected those users who connected to Steam shortly before or during the event.
 

PaulLFC

Member
So we're into the 27th and still no apology from Valve.

I know their customer service is famously shit, but their PR now too? Yes an apology doesn't technically mean anything but it's just what you do when you fuck up this badly. The fact they're going "nothing to see here, move on everyone" in that piss-poor statement is a joke. Hopefully there's some sort of organisation that can hold them to account for this.
 

Dunkley

Member
I hope we see some actual journalism into WTF happened here instead of the usual pass given to Valve. It's amazing how running good value sales has given them a pass for terrible customer service for years. If leaking PII and a weak sauce statement about how you couldn't spend someone else's money so it's all cool doesn't get hauled over the coals, what will?

Oh and a major e-commerce vendor like Valve doesn't have Christmas; the staff responsible for payments and ensuring all those Steam cards are able to be redeemed are all there. 'It was Christmas' is no more an excuse for Valve's shitty response than it is for the incident itself.

Definitely, I hope journalists bring to attention what Valve remains silent on.

Their behaviour is completely inexcusable.
 

UrbanRats

Member
Addresses and phone numbers? That's actually worse than I thought.

For now I'll remove my billing info and try to buy games elsewhere whenever I can (activating them on Steam afterwards).
Seems like Valve can't be trusted with sensible information, and I don't like their attitude towards this fuck up.
 
If the response given to Kotaku was official and given by Valve, they can fuck right off. They are a professional company that has millions of users worldwide and from their response, it feels like they don't give a shit what happens to their users.
It was. Other outlets were given the exact same boilerplate message.
 

Beefy

Member
Very unfortunate.

Valve is a company. They'll try to minimize any type of screw up and try to manage outrage as much as possible. Carefully crafted PR is just one part of that strategy. At the end of the day Valve employees can be sympathetic with users regarding what happened on a personal level, it's after all a screw up on their end, but they've got a business to run and protect (lawsuits and long term image damage).

Well the way they didn't tell everyone straight away is going to make the UK and EU sue. If they had handled it differently they wouldn't have.
 

Dunkley

Member
Very unfortunate.

Valve is a company. They'll try to minimize any type of screw up and try to manage outrage as much as possible. Carefully crafted PR is just one part of that strategy. At the end of the day Valve employees can be sympathetic with users regarding what happened on a personal level, it's after all a screw up on their end, but they've got a business to run and protect (lawsuits and long term image damage).

They screwed up, they gotta own up to the consequences, no running from that. It was PII of their customers compromised and they have no right keeping them in the dark about that.

There's no if and but about it, it happened, and the compromise is severe. However if something like that happens it's your responsibility as a company to admit your mistakes and inform the possibly affected so they can take the necessary safety precautions, simply because the legal trouble will come one way or the other, but at least admitting to your mistakes and apologizing for all of it can work wonders for damage control on your image.

Or well, at least more than just keeping silent about it and pretending that a short statement mentioning nothing about compromising PII, sent to a couple of gaming websites, is sufficient.
 

PaulLFC

Member
I have no idea if it'll do anything but I sent a quick email to Watchdog. I know they've investigated Sony in the past (most recently this year), so hopefully they get involved here.

Any other consumer organisations or bodies that would investigate this that we can contact?
 
The gaming media won't call out Valve, so nothing will happen. Same with so many Valve defenders too everywhere. Their CS has been shit for a long time.

If this issue happened on XBL or PSN there would have been a big firestorm already.
 

Pie and Beans

Look for me on the local news, I'll be the guy arrested for trying to burn down a Nintendo exec's house.
It's actually pretty incredible how poorly Valve treat their customers. I don't understand it.

They just sort of... lucked into being the biggest digital distributor by being one of the first and forced it with a killer app. Then as the money rolled in ensuring no real burning responsibilities, they got progressively worse and idealistic in management structure so people didn't have to do the 'tedious' jobs if they didn't want to (Customer service, actual management, etc).

Valve is the shit, freebird teenage son that's finally just driven the family car into a lamppost and can be properly bollocked. Except they've not even bothered apologising to everyone yet.
 
Do we know the scale of this? According to Wikipedia the 2011 PSN outage involved

Over 12,000 credit card numbers, albeit in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed

Is this Steam cache issue bigger than that? I guess it depends on how many users were logging on near the time this happened.
 

Par Score

Member
You have zero perspective on how online companies operate, then.

There are always on-call engineers/people on other teams, hence why the problem got fixed. However, do you propose that the ENTIRE COMPANY not take holidays and stay at the office/working? Or that some people be forced to work while others are away? Or that the entire storefront be closed because the entire company isn't sitting at their desks?
This is top rank silliness right here.
None of that is how any e-commerce-related anything works or will ever work for any company, let alone a company as small as Valve.

Hi, I work for, and have family who work for, exactly the sort of 24/7 online business that Valve is in. Online bookmakers, online storefronts, digital TV services, IP telephony, etc, etc.

All of those places are staffed at regular levels over the holidays, if not staffed above and beyond precisely because it is the holidays. My boyfriend was working 11 hours on Christmas Eve, 11 hours on Christmas Day, 11 hours on Boxing Day.

If any of those companies suffered the sort of mega-fuck-up Valve did, all of their customers would have been notified of it the same day. I am not asking for the world here, I am asking that Valve notifies their customers, something they have still failed to do days later.

If Valve can't run this sort of business, if they refuse to staff appropriately, then they should get the fuck out before they cause real harm to their users (if they haven't done so already). You don't get to take days off when it comes to the security of your users' private information.

What I find baffling is that Valve didn't warn its customers directly about the issue. Instead of sending e-mails and/or warning us through Steam, they decided to release a (very) short message relayed by two intermediaries, Gamespot and Kotaku, which most customers probably don't visit.

Personal information was compromised. Customers have a right to know that, and should have been contacted directly.

Exactly. As far as I'm concerned Valve has still failed to address this, as sending out some shoddy PR to a couple of games blogs is inadequate to the point of disbelief.
 

Joni

Member
Do we know the scale of this? According to Wikipedia the 2011 PSN outage involved



Is this Steam cache issue bigger than that? I guess it depends on how many users were logging on near the time this happened.
That is not the PSN issue. That is a separate hack at Sony Online Entertainment, now Daybreak; not Sony Computer Entertainment. We don't have any numbers.
 

DeepEnigma

Gold Member
What a shit-show. I let a day go by before letting all of this absorb. This is bad, and what is even worse, is that they are going to pretend nothing happened.

There legitimately needs to be a full investigation launched on them. Companies cannot be allowed to get away with these types of things. And people sticking up for them, quit GAF man, because you cannot be more wrong at life right now.
 
These kinds of issues are the main reason why I avoid using my card online where possible, and if I do have to use it I never save details.
 
A small company, right...
They are estimated to be worth billions of dollars (2-4 billion $ according to a Forbes staff article).
It is purely their decision as a for-profit commercial corporation not to hire more staff.
Your post is more damning than helping Valve, because it is implying that despite their huge profits they are still not willing to spend a portion of it on proper customer support staff.

Valve is a 300-400 person company.
A company that does e-commerce, game development, hardware manufacturing, and quite a bit more.
That's incredibly small.

Hi, I work for, and have family who work for, exactly the sort of 24/7 online business that Valve is in. Online bookmakers, online storefronts, digital TV services, IP telephony, etc, etc.

All of those places are staffed at regular levels over the holidays, if not staffed above and beyond precisely because it is the holidays. My boyfriend was working 11 hours on Christmas Eve, 11 hours on Christmas Day, 11 hours on Boxing Day.

I'm not saying no Valve employees are going to be working on holidays; that obviously didn't happen. What I'm saying is that normal-day levels of productivity on Christmas Day, even in e-commerce, are not the norm except for massively-sized companies (in terms of workers).

And he's saying that's their decision to stay small and not due to circumstances. They certainly have the means to expand, but that would hurt their structure. It would benefit their customers but Valve is prioritizing their structure over them.

Ok, I misunderstood, and I do agree that their structure has plenty of holes in it, highlighted by the fact that even a cookie-cutter statement hasn't appeared yet.
But I don't know if that is a size thing rather than a focus thing. It sounds pedantic, but if Valve was 5 times bigger than it is, it would probably still be designers and developers wall-to-wall.
I believe there is some quote somewhere where a Valve employee once said that PR/communication with your audience is everyone's responsibility. Clearly they can't get that to work out.
 
You have zero perspective on how online companies operate, then.

Rubbish. If you're deploying code on Christmas Day you need more than barebones staff to have ample headroom to deal with any fallout from such a risky move. Even if it's an automated process that rotates machines behind a load balancer, you don't do something that risky during an enormous day of business without some kind of parachute. Proper communication is critical if you're a service based company. AWS/Akamai/Azure certainly don't go incommunicado for 3 hours and release more than a terse reply to a third party blog explaining the situation, no matter what holiday it is on the calendar.

Valve isn't off the hook because it's Christmas; it was entirely their decision to make these critical infrastructure changes in the middle of their biggest holiday sale.
 
Valve is a 300-400 person company.
A company that does e-commerce, game development, hardware manufacturing, and quite a bit more.
That's incredibly small.

And he's saying that's their decision to stay small and not due to circumstances. They certainly have the means to expand, but that would hurt their structure. It would benefit their customers but Valve is prioritizing their structure over them.
 

robo

Member
I have no idea if it'll do anything but I sent a quick email to Watchdog. I know they've investigated Sony in the past (most recently this year), so hopefully they get involved here.

Any other consumer organisations or bodies that would investigate this that we can contact?

I think this would fall under Ofcom in the UK, not sure who in the US though.

Trying to sweep this under the carpet and not notify customers their data may have been compromised, may very well come back and bite em in the ass.

They can be fined for the data breach, but also for not following the correct procedure in following up. Time will tell I suppose.
 
I've had info leak through hacks like Gawker, Anime-On-Line.com, PSN and other services. What happened with Steam shouldn't have happened. What I've been saying the last few pages, is that it's more realistic for Valve to clarify the situation over the course of a few weeks, not within the space of an hour or two after the leak was stopped, as I've seen many people on here and Twitter vent about.

I don't use this word often on GAF, but I'll use it now:

Consumers are entitled to a response about data leaks that relate to them. If something involving their data occurs, those users must be notified quickly. When it comes to data breaches, hours can matter. Those users should have been found, notified, and given all information they need to stay safe.

Valve's silence on the issue for even a system-global status update is one of the most incompetent series of events I've seen in the gaming industry in a long time.

Valve is a 300-400 person company.
A company that does e-commerce, game development, hardware manufacturing, and quite a bit more.
That's incredibly small.

And it's clear they need more people. There's no justification for staying small if they're making that much money and being spread so thin.
 

efyu_lemonardo

May I have a cookie?
Just wondering if some of you have sent emails to Valve's CS enquiring about this incident?

If not Valve, have you made enquiries with anyone else?
 

hodgy100

Member
Now is not the time for valve to play coy like they usually do. A security breach is serious business no matter how it was caused. Now it seems that not much actual information that can be used dangerously was displayed but a page that is usually secure was made insecure. Valve owe it to their userbase to offer an explanation and formal apology at the absolute minimum.

Valve continue to suffer from the split personality of being both a retailer and a technology/software company. Perhaps they should consider spinning out Steam to a subsidiary company that can manage the service more conventionally while still providing oversight.
 

Nzyme32

Member
Do we know the scale of this? According to Wikipedia the 2011 PSN outage involved



Is this Steam cache issue bigger than that? I guess it depends on how many users were logging on near the time this happened.

For a start that is the wrong info. That is the more recent attack. The 2011 PSN hack is still one of the largest data breaches in history, where personally identifiable information from 77 million accounts may have been exposed. It was also a full-on hack, with theft of data.

The issue with Steam relates to cached pages for the account details page and one of the cart / checkout pages (where personal information is shown), where the cached pages for someone else were shown to a different random user. By the nature of the issue it could only last for a few hours prior to the issue (i.e. already cached pages that would start to be revealed when the issue began) and for a certain period during. Accessing pages was random and information for each page was different.

I would think it is extremely unlikely that in a generous estimated period of something like 8hrs there would have been over 77 million people accessing those pages. More so, with the PSN hack it was a targeted theft of a large amount of personal information for millions of users, i.e. it is known someone else with criminal intent has all that data. Meanwhile with the Steam caching issue, there is no telling what nefarious parties got involved after the news spread, or if any got involved at all, or if the data was screencapped and will be dumped on the web for others to abuse.

These are two very different situations, but regardless personal information has been exposed in both instances.
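The failure class described in the post above (a shared cache storing a personalised page and handing it to whichever user asks for that URL next) can be reproduced in a few dozen lines. The following is an added example written for this thread, not code from the original posts and not a claim about how Valve's actual infrastructure was built: it models a toy edge cache that honours `Cache-Control` and `Vary`, an origin that renders an "account details" page from a session cookie, and an audit helper that flags personalised responses a shared cache would be allowed to store. The account data, cookie values and URL are constructed sample values.

```python
# Added example (not from the original thread or from Valve). Simulates how a
# shared cache leaks one user's personalised page to another, and how response
# headers prevent it. All accounts, cookies and URLs below are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample accounts: session cookie -> (display name, postal address).
ACCOUNTS = {
    "sess-alice": ("Alice", "1 Example Street, Springfield"),
    "sess-bob": ("Bob", "99 Sample Road, Shelbyville"),
}


@dataclass
class Request:
    url: str
    headers: Dict[str, str]  # header names are lower-cased


@dataclass
class Response:
    body: str
    headers: Dict[str, str]


def cache_directives(resp: Response) -> set:
    cc = resp.headers.get("Cache-Control", "")
    return {d.strip().lower() for d in cc.split(",") if d.strip()}


def shared_cache_may_store(resp: Response) -> bool:
    """A shared (CDN/proxy) cache must not store a response marked private or no-store."""
    return not (cache_directives(resp) & {"private", "no-store"})


def audit_personalised_response(resp: Response) -> List[str]:
    """Findings a reviewer would raise for a response known to carry per-user data."""
    findings = []
    if shared_cache_may_store(resp):
        findings.append("storable by shared caches: add Cache-Control: private, no-store")
        if "cookie" in resp.headers.get("Vary", "").lower():
            findings.append("Vary: Cookie only separates cache keys; PII is still stored in the shared cache")
    return findings


class SharedCache:
    """Toy edge cache keyed on URL plus the request headers named in the response's Vary."""

    def __init__(self) -> None:
        self._entries: Dict[str, List[Tuple[Tuple, Response]]] = {}

    @staticmethod
    def _vary_key(req: Request, resp: Response) -> Tuple:
        names = [h.strip().lower() for h in resp.headers.get("Vary", "").split(",") if h.strip()]
        return tuple((n, req.headers.get(n)) for n in names)

    def fetch(self, req: Request, origin: Callable[[Request], Response]) -> Tuple[Response, bool]:
        for key, cached in self._entries.get(req.url, []):
            if all(req.headers.get(n) == v for n, v in key):
                return cached, True  # hit: whoever asked gets the stored body, no origin call
        resp = origin(req)
        if shared_cache_may_store(resp):
            self._entries.setdefault(req.url, []).append((self._vary_key(req, resp), resp))
        return resp, False


def render_account_page(req: Request) -> str:
    name, address = ACCOUNTS[req.headers["cookie"]]
    return f"<h1>Account details</h1><p>{name}</p><p>{address}</p>"


def origin_vulnerable(req: Request) -> Response:
    # Personalised page with no Cache-Control: a shared cache is free to store and reuse it.
    return Response(render_account_page(req), {"Content-Type": "text/html"})


def origin_vary_only(req: Request) -> Response:
    # Keys the cache on the Cookie header, so users do not see each other's page,
    # but the PII still sits in the shared cache.
    return Response(render_account_page(req), {"Content-Type": "text/html", "Vary": "Cookie"})


def origin_fixed(req: Request) -> Response:
    # The response belongs to one user only; no shared cache may store or reuse it.
    return Response(render_account_page(req),
                    {"Content-Type": "text/html", "Cache-Control": "private, no-store"})


def simulate(origin: Callable[[Request], Response]) -> Dict[str, str]:
    """Alice loads her account page, then Bob loads his; return the name each user saw."""
    cache = SharedCache()
    seen = {}
    for user in ("alice", "bob"):
        req = Request("/account", {"cookie": f"sess-{user}"})
        resp, _hit = cache.fetch(req, origin)
        seen[user] = resp.body.split("<p>")[1].split("</p>")[0]
    return seen


if __name__ == "__main__":
    for name, origin in (("vulnerable", origin_vulnerable), ("vary-only", origin_vary_only), ("fixed", origin_fixed)):
        sample = origin(Request("/account", {"cookie": "sess-alice"}))
        print(name, simulate(origin), audit_personalised_response(sample))
```

With the vulnerable origin, Bob's request is a cache hit on Alice's stored page, which is the "someone else's account details" symptom described in the thread; the fixed origin marks the page `private, no-store`, so the cache never holds it. The `Vary: Cookie` variant is included to show that separating cache keys is not the same control as forbidding storage: it stops the cross-user hit in this simulation, but a shared cache still retains the personal data.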
 

Murkas

Member
Not surprised they're remaining silent. They know they don't have to explain shit to their customers in a timely fashion.

Their fans are ok with below standard customer service support after all this time, so why should they explain?
 
For a start that is the wrong info. That is the more recent attack. The 2011 PSN hack is still one of the largest data breaches in history, where personally identifiable information from 77 million accounts may have been exposed. It was also a full-on hack, with theft of data.

The issue with Steam relates to cached pages for the account details page and one of the cart / checkout pages (where personal information is shown), where the cached pages for someone else were shown to a different random user. By the nature of the issue it could only last for a few hours prior to the issue (i.e. already cached pages that would start to be revealed when the issue began) and for a certain period during. Accessing pages was random and information for each page was different.

I would think it is extremely unlikely that in a generous estimated period of something like 8hrs there would have been over 77 million people accessing those pages. More so, with the PSN hack it was a targeted theft of a large amount of personal information for millions of users, i.e. it is known someone else with criminal intent has all that data. Meanwhile with the Steam caching issue, there is no telling what nefarious parties got involved after the news spread, or if any got involved at all, or if the data was screencapped and will be dumped on the web for others to abuse.

These are two very different situations, but regardless personal information has been exposed in both instances.

Do you know that someone has the data from PSN? I can't seem to find anything beyond the 77 million number which is simply a worst case upper bound for PSN. I'm asking what the worst case upper bound would be in the steam case.
 
And he's saying that's their decision to stay small and not due to circumstances. They certainly have the means to expand, but that would hurt their structure. It would benefit their customers but Valve is prioritizing their structure over them.
It's so bad that they have a singular person for PR across the company, regardless of what the occasion is: sale, release of hats, outages like this.

I wonder what Doug Lombardi has to say about this now, or would he still send the same boilerplate email?
 

Nzyme32

Member
Do you know that someone has the data from PSN? I can't seem to find anything beyond the 77 million number which is simply a worst case upper bound for PSN. I'm asking what the worst case upper bound would be in the steam case.

It's a maximum, not a known, hence the use of the word "may". I don't think it was knowable what they could find, so all they can describe is the potential. The same is true with the Steam issue of cached pages, but saying the maximum potential for that could be higher than 77 million considering the nature of the issue and the time period at a generous level seems like quite the reach to claim this is "worse" than the PSN issues. As a worst case upper bound, I have no idea. Steam has 120 million active users, which is defined as "90 days". Realistically data would be exposed for users that used those particular pages between something like 2hrs before and during (another 2 hours). How many people used those pages in that time? I'd take an uneducated guess at less than 1 million; how many pages were actually accessed during that period to see someone else's info, certainly less than whatever that number is.
 

cyba89

Member
It's so bad that they have a singular person for PR across the company, regardless of what the occasion is: sale, release of hats, outages like this.

So that's why the short statement they released about this is so casually worded, like there was just a bug with the damage output of a new CS:GO weapon.
 

kamineko

Does his best thinking in the flying car
Still nothing? During my years in IT I think I only had... two Christmas holidays where I was not on-call. First as technical staff, and later as a manager. Any substantial problem (loss of critical business services) required a full report within 24 hours with a timeline, root cause analysis, and hard countermeasures (unless we really didn't know, but then we had to report on not knowing).

My employer didn't even offer web-based services (manufacturing), so outages did not affect the reputation of the company in the world. Even so, it was just expected that we would be effective in identifying and solving problems, and communicating effectively.

This whole situation seems very strange to me--I always felt an obligation to customers. I took pride in the work my team did, and when things went wrong I wanted to maintain the customer's trust. Not just for money (though I liked earning money), but because I respected my customers and my team.

I just started dealing with Steam again after many years away (I installed it for Half-Life 2 and didn't know what the hell it was).... have picked up quite a few games over the past year. I like the interface and sales. This might look like business as usual for those of you who have been dealing with Steam for a long time, but it's genuinely shocking to me.

I'm disappointed that Valve turned out to be... this.
 

bjork

Member
So what's the course of action for users now? Is there anything we need to be doing in the client itself right now, or wait for more info still.
 
So what's the course of action for users now? Is there anything we need to be doing in the client itself right now, or wait for more info still.

There are no actions to take at all, nor has there been at any point. Either you were affected or not, and if you were there's a really, really tiny chance that someone who could use your info in a meaningful way has it now.
 

zashga

Member
It's kind of nuts that there still hasn't been any real statements from Valve detailing the scope of the breach (i.e. who was exposed and how much) or what actually happened. I guess they decided the situation didn't warrant cutting anyone's vacation short. We got one terse email relayed by third parties who inquired on our behalf and then... nothing.

Now I'm wondering if we'll get any more info before 2016.
 

spinz

Member
It's kind of nuts that there still hasn't been any real statements from Valve detailing the scope of the breach (i.e. who was exposed and how much) or what actually happened. I guess they decided the situation didn't warrant cutting anyone's vacation short. We got one terse email relayed by third parties who inquired on our behalf and then... nothing.

Now I'm wondering if we'll get any more info before 2016.

No, probably not. Their stance is that it was low impact, and they're not going to say otherwise unless the situation forces it.
News sites are already forgetting about it. So Valve isn't going to bring it up if they don't have to.
 

Alucrid

Banned
Valve is a 300-400 person company.
A company that does e-commerce, game development, hardware manufacturing, and quite a bit more.
That's incredibly small.



I'm not saying no Valve employees are going to be working on holidays; that obviously didn't happen. What I'm saying is that normal-day levels of productivity on Christmas Day, even in e-commerce, are not the norm except for massively-sized companies (in terms of workers).



Ok, I misunderstood, and I do agree that their structure has plenty of holes in it, highlighted by the fact that even a cookie-cutter statement hasn't appeared yet.
But I don't know if that is a size thing rather than a focus thing. It sounds pedantic, but if Valve was 5 times bigger than it is, it would probably still be designers and developers wall-to-wall.
I believe there is some quote somewhere where a Valve employee once said that PR/communication with your audience is everyone's responsibility. Clearly they can't get that to work out.

It's even more impressive that out of those 300-400 employees none of them know how to communicate important information to users.
 

Joni

Member
So what's the course of action for users now? Is there anything we need to be doing in the client itself right now, or wait for more info still.
Probably to inform your governmental data authority/privacy council to force Valve to actually give information.
 

Stumpokapow

listen to the mad man
So what's the course of action for users now? Is there anything we need to be doing in the client itself right now, or wait for more info still.

Well, the error is over. You could remove your attached payment methods, but that's a little like avoiding an airline because they had a crash yesterday.

Personally, since I was affected (i.e. my account was one of those whose information was leaked), I contacted support to find out what was leaked, to whom, what my recourse is, and next steps. But I don't think it makes sense for everyone using Steam to do that especially since we seem to have an indication that relatively few accounts were in that position. For example, 4 or 5 people contacted me about my account being involved; some from GAF, some random internet people. This is not to say that everyone who was affected got contacted, but I think it's notable that there are few other people on GAF claiming to be affected. So I suspect the actual number of accounts affected is somewhat low, but the anxiety I guess is not knowing if you're one of them.

Obviously if they get back to me I'll post their followup here.
 
Ok, I misunderstood, and I do agree that their structure has plenty of holes in it, highlighted by the fact that even a cookie-cutter statement hasn't appeared yet.
But I don't know if that is a size thing rather than a focus thing. It sounds pedantic, but if Valve was 5 times bigger than it is, it would probably still be designers and developers wall-to-wall.
I believe there is some quote somewhere where a Valve employee once said that PR/communication with your audience is everyone's responsibility. Clearly they can't get that to work out.

Yes, it's mainly a structural thing. This current one can't scale. So if Valve wanted to expand they'd need to reorganize.

Or keep the current one for games and spin off Steam with a traditional structure.
 

Ludens

Banned
Well, the error is over. You could remove your attached payment methods, but that's a little like avoiding an airline because they had a crash yesterday.

Personally, since I was affected (i.e. my account was one of those whose information was leaked), I contacted support to find out what was leaked, to whom, what my recourse is, and next steps. But I don't think it makes sense for everyone using Steam to do that especially since we seem to have an indication that relatively few accounts were in that position. For example, 4 or 5 people contacted me about my account being involved; some from GAF, some random internet people. This is not to say that everyone who was affected got contacted, but I think it's notable that there are few other people on GAF claiming to be affected. So I suspect the actual number of accounts affected is somewhat low, but the anxiety I guess is not knowing if you're one of them.

Obviously if they get back to me I'll post their followup here.

Did you visit your account details page to be affected?
 

FyreWulff

Member
Yes, it's mainly a structural thing. This current one can't scale. So if Valve wanted to expand they'd need to reorganize.

Or keep the current one for games and spin off Steam with a traditional structure.

There are whole companies dedicated to this, that's who places like EA and so on hire to handle first level customer support. Valve could just contract with one of them.
 

Crackbone

Member
Well, the error is over. You could remove your attached payment methods, but that's a little like avoiding an airline because they had a crash yesterday.

Personally, since I was affected (i.e. my account was one of those whose information was leaked), I contacted support to find out what was leaked, to whom, what my recourse is, and next steps. But I don't think it makes sense for everyone using Steam to do that especially since we seem to have an indication that relatively few accounts were in that position. For example, 4 or 5 people contacted me about my account being involved; some from GAF, some random internet people. This is not to say that everyone who was affected got contacted, but I think it's notable that there are few other people on GAF claiming to be affected. So I suspect the actual number of accounts affected is somewhat low, but the anxiety I guess is not knowing if you're one of them.

Obviously if they get back to me I'll post their followup here.

I think you hit the nail on the head.

I was online during this fiasco but I have no way of knowing if my information was one of the unfortunate ones.

Valve should do everything in their power to at least attempt to locate the accounts that were exposed and contact those users.

I doubt that's going to happen.
 