• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • Hey Guest. Check out the NeoGAF 2.2 Update Thread for details on our new Giphy integration and other new features.

Steam security issue revealed personal info to other users on XMas Day (fixed)

Quirah

Member
Mar 5, 2013
566
0
0
Istanbul - Turkey
My friend informed me. When you go into 'Account Information' via Steam Client, it leads you to other peoples pages.

I looked at it and there is another guys page named 'minkey***' and it has saved credit card information, which is not mine. I can see his mail address clearly. Also if that random guy has money in Steam Wallet, I think you can spend it too. Mine has $0 at all.

I think big security issue is happening right now. You can check it with Steam Client. I am not gonna upload a screenshot because I dont want to spoil that guys e-mail address or other info.

Mod edit: Dont post usernames

What we know so far

  • Most likely an error in the way Steam caches pages.
  • People are able to access random Steam profiles and see compromising information, account names, emails, last 2 digits of credit card, paypal email address, purchases, etc.
  • No changes can be made to the effected account, no purchases can be made. Any evidence to the country is, as of yet, unsubstantiated.
  • It's been advised to not access Steam URLs, including the client, until we have more information.
  • Do not post account names you see, huge security risk.





I'll update this post with more information going forward.
 
Jun 11, 2006
9,239
0
0
I was in the indie sale thread and started ctrl-clicking on the store pages in post #2, and I kept ending up in other people's accounts. WTF is going on here?
 

Tenebrous

Member
Nov 24, 2014
9,285
0
0
Wow, what? Where can I see "Account Information"? I can only find Account Details by clicking the username next to my available funds, but that page doesn't load (302 warning).
 

Castef

Mambar
Sep 7, 2011
5,738
235
970
Italy
it.ign.com
I was in the indie sale thread and started ctrl-clicking on the store pages in post #2, and I kept ending up in other people's accounts. WTF is going on here?

Same for me.

In addition, the language for the store front is chaning at every click and I can't revert it back to mine.
 

Hektor

Member
Mar 10, 2015
11,285
0
425
O
steamcommunity.com
Looks like it's possible to access random people's Purchase history/Remove games, see their email and phone number and all if the people in the steathread don't post bullshit. Fuckin hell
 

CrackaF3tt

Member
Jul 22, 2011
840
0
640
31
Bronx
Yup just checked and i see some other dudes info. I can see his last 4 digit for his phone number, his steam wallet amount, contact email.
 

chadskin

Member
May 27, 2013
13,088
3
0
I just noticed this as well here. I was on a game page in the store and noticed it said two of "my friends" own this game already but I have no idea who they are.

store.steampowered.com in the browser also leads me to the Russian site, with no way to change it back to German / English.
 

LDAF

Member
Mar 23, 2013
691
0
0
Holy shit, I just got a guy with $20 in your account. You're right, this needs to be fixed NOW.
 

gigantor21

Member
Jan 2, 2013
3,735
0
0
Holy shit, I just checked my account and everything was randomly in Spanish. I'm in someone else's account too. What the fuck?
 

HaRyu

Unconfirmed Member
Nov 7, 2007
3,247
0
0
It was rotating through different languages for me.

And now it looks like I'm logged into someone elses account (for the Store section at least).
 

Fergie

Banned
Nov 25, 2011
14,423
0
0
Seems so. Language changed to Spanish and the currency from £ to €.


And now it's in $.
 

Bunta

Fujiwara Tofu Shop
Mar 27, 2013
8,816
5
0
Uhhh yeah, I'm seeing the same thing when I go into my steam wallet.
 

Soyongdori

Member
Mar 9, 2012
3,910
0
0
home
Holy fucking shit, you can edit someone else's credit card info.

This is a complete fuck up by steam. Fucking fix it now.
 

Sputnik

Neo Member
Jul 25, 2014
8
0
0
I got access to the account of some stranger too, but a different user than you.

Someone in the comments on his page said Steam might be getting DDoSed right now?

Either way, Valve better deal with this quickly.
 

DMTripper

Member
May 14, 2015
644
0
0
UK
Just logged on to see my account in Russian... According to reddit people are seeing other people's accounts but not all the info to steal payment details. Still pretty shady tho!

I've logged out and will wait and see what happens. Something pretty doggy is going on :-(