Steam security issue revealed personal info to other users on XMas Day (fixed)

#1
My friend informed me. When you go into 'Account Information' via Steam Client, it leads you to other peoples pages.

I looked at it and there is another guys page named 'minkey***' and it has saved credit card information, which is not mine. I can see his mail address clearly. Also if that random guy has money in Steam Wallet, I think you can spend it too. Mine has $0 at all.

I think big security issue is happening right now. You can check it with Steam Client. I am not gonna upload a screenshot because I dont want to spoil that guys e-mail address or other info.

Mod edit: Dont post usernames

What we know so far

  • Most likely an error in the way Steam caches pages.
  • People are able to access random Steam profiles and see compromising information, account names, emails, last 2 digits of credit card, paypal email address, purchases, etc.
  • No changes can be made to the effected account, no purchases can be made. Any evidence to the country is, as of yet, unsubstantiated.
  • It's been advised to not access Steam URLs, including the client, until we have more information.
  • Do not post account names you see, huge security risk.





I'll update this post with more information going forward.
 
#5
Wow, what? Where can I see "Account Information"? I can only find Account Details by clicking the username next to my available funds, but that page doesn't load (302 warning).
 
#10
Looks like it's possible to access random people's Purchase history/Remove games, see their email and phone number and all if the people in the steathread don't post bullshit. Fuckin hell
 
#13
I just noticed this as well here. I was on a game page in the store and noticed it said two of "my friends" own this game already but I have no idea who they are.

store.steampowered.com in the browser also leads me to the Russian site, with no way to change it back to German / English.
 

HaRyu

Unconfirmed Member
#31
It was rotating through different languages for me.

And now it looks like I'm logged into someone elses account (for the Store section at least).
 
#49
I got access to the account of some stranger too, but a different user than you.

Someone in the comments on his page said Steam might be getting DDoSed right now?

Either way, Valve better deal with this quickly.
 
#50
Just logged on to see my account in Russian... According to reddit people are seeing other people's accounts but not all the info to steal payment details. Still pretty shady tho!

I've logged out and will wait and see what happens. Something pretty doggy is going on :-(