• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • Hey Guest. Check out the NeoGAF 2.2 Update Thread for details on our new Giphy integration and other new features.

Steam security issue revealed personal info to other users on XMas Day (fixed)

CoG

Member
Mar 10, 2007
4,116
0
0
Hitting refresh and cycling through a number of people's accounts. How does this happen?
 

Head.spawn

Junior Member
Sep 3, 2013
6,745
2
320
I see some Brazilian guys account in mine.

Holy shit Gaben. wtf did you do? Now maybe it's time to overhaul this Frankenstein piece of shit?

He even has Steam Guard.

edit: oh shit, so it's cycling through accounts now.
 

XiaNaphryz

LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
Nov 5, 2005
52,177
0
0
SF Bay Area
My account details are back to normal. Same happened for anyone else?

I was never even able to log into account details until just now. Never saw any weirdness other than that thankfully. Email looks right so noone messed with changing anything, and purchase history looks fine.
 

Brashnir

Member
Dec 31, 2005
17,646
0
0
Now I'm getting error code -310 on everything. Maybe they finally shut it down?

edit - nevermind, it's back and still fucked.
 

iNvid02

Member
Aug 16, 2009
18,398
236
1,200
its a new person's details every time you click the account info tab, doesn't help that there is some visible info which could help an attacker get into the account. fuck me

shut it down gaben
 

E_Darkness

Member
Jan 11, 2014
7,300
0
0
I really hope I didn't have my payment details attached. I feel like I delete each time but I could've forgotten.
 

Proven

Member
Jan 19, 2007
7,241
0
0
Okay, I thought something bad happened to just me. Glad to see its everybody.

Except this is terrible!
 

DarKshodaN

Member
Jul 24, 2014
728
0
0
Germany
wow first i was in a russian account now in a german account, i maked screenshots from it if anyone don't believe me, this is fucked up.
 

Reebot

Member
Nov 8, 2012
2,475
0
0
What an unbelievable fuck up.

I was finally able to go in and confirm I have no saved payment info, but this is beyond unacceptable.
 

Parallacs

Member
Mar 14, 2012
2,233
0
0
Where can I remove card information? I do not see it under Account Settings?

You usually click where your $X.XX is on the upper right. However, since it now takes you to some random person in the world, you can't do it.
 

Memorabilia

Member
Oct 25, 2013
4,803
620
595
Pretty glad I only ever used paypal

Yeah this is why I only use PayPal for online purchases. I'm not a fan of how PayPal conducts itself in multiple ways, but by default they do provide an extra layer of security. Presumably, even with a PayPal account linked to Steam there's no way to make purchases on the account without being able to log into Paypal as well. In this case, the main threat from this type of attack is general chaos...a certain percentage of maladaptive randoms might screw with accounts...like stealing games that are saved as gifts by "gifting" them, removing games from libraries just to fuck with people, etc....

I'm thinking most gamers aren't thieves or assholes, so most will not harm another's account. But there's always the bad apples who just want to watch the world burn. Which is precisely what the hackers intended with this move if I had to guess.
 

ViciousDS

Banned
Aug 14, 2013
15,103
0
0
Just checked my paypal and valve/steam isn't even an approved payment. You must have that setup only when you save the info. I enter all my info on every purchase.
 

Syf

Banned
Oct 3, 2012
11,546
1
435
Canada
Just called my card company and blocked all Steam transactions for now. Incredible fuck up by Valve.
 

GoldandBlue

Member
Dec 22, 2007
5,060
1
0
Funny, I always use Steam cards to add funds and avoided using my credit card. I was about to use it this sale but thank God I didn't.
 

hobblygobbly

Member
Sep 9, 2014
4,821
0
0
I'm actually getting a lot of diff accounts now, got 12 diff ones so far. Crazy. I just keep on refreshing it and get a new account each time. At first I was only getting two diff ones constantly, now I am getting new ones.
 

Grief.exe

Member
Jul 11, 2012
43,857
0
0
Denver
backloggery.com
WHY IS THE STORE AND ACCOUNT PAGES AND EVERYTHING STILL UP

This is 100% the kind of thing you hit the big red "shut it down" button and shut it down. This isn't something like when there is a hack and stuff may have been taken and you email and say "change passwords".

This is (seemingly) random people having direct account access to accounts not belonging to them and being able to still use the store to buy shit or change account information. This is exactly the stuff you nuke the servers for to protect the customer.

But nah, we'll leave the servers up. Lots of people would have gotten steam credit today, gotta let them spend it!

I know it's difficult for people to think big picture on certain things, but can you think what day it is?
 

RyanW

Member
Jun 11, 2015
1,522
0
0
So because of this I'm assuming there's no way to change your personal info including payment options?
 

jmga

Member
Mar 28, 2013
1,712
2
0
It does not seem anything serious, I'm logged in with another user account name but I can't see his profile and when I try to buy something it successfully retrieves my data(email, paypal account, etc), not the ones from the other account.
 

Ardenyal

Member
Sep 13, 2010
3,697
7
780
I would really love to check my account details to make sure my card wasnt on there. FUUUCK
 

Iadien

Guarantee I'm going to screw up this post? Yeah.
Oct 29, 2006
7,475
0
0
I was wondering wth was going on, I was browsing and the language was changing from russian to spanish. lol
 

Steel

Banned
Jun 20, 2013
19,664
1
0
My account details are back to normal. Same happened for anyone else?

It's possible that your account was added to the list and other people are viewing it too. Apparently steam is suggesting you log the fuck out.
 

Zomba13

Member
Sep 27, 2009
19,653
7
705
Also getting a new user here. Still not my own info. Community seems to be down BUT NOT ACCOUNT INFO/STORE