Support NeoGAF

[BulletBees]

This is fucked.

 

[Fanuilos]

Stop posting usernames.

 

[Enter the Dragon Punch]

everything is in japanese

 

[Monochromaticx]

servers down it seems

 

[ViciousDS]

I can view accounts here - https://store.steampowered.com/account

And im not logged into steam at all

Holy shit.....your not joking....what the living fucccckkkkkk

 

[Lulubop]

I have CC info on my account.

Blah, #TeamOrigin.

 

[XiaNaphryz]

https://twitter.com/SteamDB/status/680492664610000896

This was my guess as well, seemed like a caching issue.

Man, Valve's in for a world of hurt. Don't they have staging servers to test out changes before pushing to prod? Or did someone mistakenly alter a setting or config file when they put the servers back up?

 

[hobblygobbly]

Valve should turn the valve to cut steam off.

Spoiler

sorry

 

[SpotAnime]

Nice I left Steam on downloading a game while I went to my Grandmas for Christmas. I'm fucked now.

I got a Steam Link for Christmas, thank God I had already turned everything off. I hope being logged in on the phoen app didn't make me vulnerable.

 

[Okingjrr]

When you pay via Paypal, don't you still have to log into Paypal to confirm the payment?

 

[Lkr]

Holy fuck. I told steam to save my card like 3 hours ago too. Should have used PayPal :

 

[-x.Red.x-]

I can view accounts here - https://store.steampowered.com/account

And im not logged into steam at all

WHOA

 

[akira28]

hmm...well...it looks like they couldn't change anything anyway. so...


hrm....I dunno. Should I be upset?

 

[dmr87]

Guys! If you can, move all your money from the account tied to your Credit Card to another account not tied to anything. That's what I did, at least people cannot buy anymore games using my account.

Yup, already done.

 

[mullet2000]

How do I remove my credit card info when I'm constantly getting other people's account pages?

 

[Duffman]

I can smell the lawsuits

 

[Grief.exe]

fuck me, someone's accessed my account, everything is in japanese

Do you actually think this?

 

[Alfredo]

Uh oh. I added my card to my account an hour ago to gift games to people. Now I'm seeing the account info of someone who really likes buying stuff for Counter-Strike...

This seems bad.

 

[rdytoroll]

I can view accounts here - https://store.steampowered.com/account

And im not logged into steam at all

Holy shit, you are right. You don't even need an account to see other people's information.

 

[Kouriozan]

stop posting usernames.

It had random letters after his name, I'm not dumb enough to post full nicknames.

 

[Jotamide]

Showing up a different account, can even turn off Steam Guard from my end. This is bad.

 

[Ogimachi]

I can view accounts here - https://store.steampowered.com/account

And im not logged into steam at all

Holy fucking shit.

 

[Xamtheking]

Alright
It's not a hack, at least

 

[MrV4ltor]

fuck me, someone's accessed my account, everything is in japanese

No, that's you accessing another account.

 

[fluffydelusions]

This is pretty hilarious actually.

Umm no?

 

[Crimsonclaw111]

I'd imagine if you have any purchases today, your steam wallet will be fully refundable and then some. As for credit card.... They can't get the full number or CCV from steam. I'd worry more about identity theft from the email/phone number.

My email worries me yes, but I use different passwords for Steam and my email. The phone number I have listed is old and out of service :/

 

[Nabs]

I refreshed and got my account page. That nearly gave me a heart attack.

 

[Steel]

https://twitter.com/SteamDB/status/680492664610000896

If this is true they just fucked their own X-mas. And then some.

 

[Alethebeer]

I am refreshing the page and i keep getting account informations only from people of my country, Italy.

 

[Castef]

Managed to access my account and removed Paypal. Phew.

 

[shira]

Just refreshed and...

It's okay stumpo, your account is safe with me!

time to nuke everything, nuke creditcards, nuke paypal, nuke phone, nuke email

 

[AlteredForms]

Minky is throwing shit at TF2. Have you seen this guy's purchase history?

 

[Stumpokapow]

Just refreshed and...

It's okay stumpo, your account is safe with me!

oh that's good

 

[Sjefen]

damn, I was going to go crazy with the steam sales tommorrow and registrate a new visa card(old one expired in november). looks like I dodged the bullet.

Valve needs to fix this asap, if millions of people lose their money on their accounts the lawsuit could be huge.

 

[JimmyRustler]

My store was just Polish all of a sudden. lol
Then I was logged out.

 

[Bunta]

This is pretty hilarious actually.

No, not at all.

 

[SpartanSlayer117]

WHY IS THE STORE AND ACCOUNT PAGES AND EVERYTHING STILL UP

This is 100% the kind of thing you hit the big red "shut it down" button and shut it down. This isn't something like when there is a hack and stuff may have been taken and you email and say "change passwords".

This is (seemingly) random people having direct account access to accounts not belonging to them and being able to still use the store to buy shit or change account information. This is exactly the stuff you nuke the servers for to protect the customer.

But nah, we'll leave the servers up. Lots of people would have gotten steam credit today, gotta let them spend it!

Agreed 100%, if they are working on it why didnt they shut the servers down? With peoples adresses, phone numbers, full names, cc numbers and access to permanently remove games from accounts this is a massive security mess.

 

[RoyalFool]

Maaaan.

Account Security
Status:
Protected by Steam Mobile Authenticator

^ The irony

So from what I can tell, you can't actually do anything - its basically caching that account page when it shouldn't be, but at least you can't in theory commit any actions on other peoples accounts it shows you. It's not caching the auth cookie by the look of it.

 

[Reebot]

Shit happens, everyone fucks up.
It's annoying, it's utter shit even.

But shit happens.

And part of running a store or subscription entertainment service is preventing this type of thing, and standing constantly ready if or when it happens. Its a reality of modern online commerce.

This really isn't a situation in which Valve deserves sympathy. We're far, far beyond "shit happens," and deep into incredibly poor handling of the situation.

 

[Onaco]

I'm in someone's account with $60 in their wallet. Valve, fix this shit!

 

[Hektor]

And Steam is still not down, you gotta be fucking kidding me.

 

[Tenebrous]

oh that's good

What?!

 

[Kwansu Dudes]

https://twitter.com/SteamDB/status/680492664610000896

...

 

[Snore Crime]

Oh fuck.
Merry christmas I guess. Why is this shit still online?

 

[Nocturno999]

So it wasn't a security breach but this is Dec 25. It's too much of a coincidence.

 

[harpingon]

I just got someone elses account. This is bad

 

[Steel]

oh that's good

Well, that's not freaky or anything.

 

[davidwhangchoi]

fyi: If you use paypal like I do for steam payments, you can go into your paypal account settings, then click preapproved payments, and find the one for Valve, and then cancel it.

just did the same and post this on another forum

thanks

 

[Benson]

Fuck, they REALLY need to just pull the plug right now! How can they keep the service up when it has been so thoroughly compromised?!

Keeping an eye on my bank account to see if any payments go through.

 

[Benedict]

I just saw an account with about €173 in his wallet...