• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • Hey Guest. Check out the NeoGAF 2.2 Update Thread for details on our new Giphy integration and other new features.

Steam security issue revealed personal info to other users on XMas Day (fixed)

Einchy

semen stains the mountaintops
Jun 21, 2010
23,750
2
790
How do I go about changing my payment methods? Is it not possible right now?
 

chadskin

Member
May 27, 2013
13,088
3
0
Security breach or not, personal info exposed like this, in particular email addresses, is a VERY serious matter.
 

Doctor_Thomas

Member
May 27, 2013
7,372
0
0
How is it better that Valve's own internal systems allowed this to happen?

Steam is now asking me about adding a phone number? I wouldn't think it.
 

DarKshodaN

Member
Jul 24, 2014
728
0
0
Germany
I guess valve is done after this, this is even worser then the psn debacle.

Shut steam down, i can't believe i can still see accounts from other guys when i refresh my account
 

FStubbs

Member
Aug 29, 2010
4,611
848
895
The store parts of the client haven't worked for me and others for months. I guess Valve doesn't care if I buy things or not.
 
Jan 16, 2010
19,595
0
895
Someone just removed my phone number from my account. Thing is I've got email steam guard turned on.. so they shouldn't be able to do shit w/o my email password right? No saved CC info here.
 

Grief.exe

Member
Jul 11, 2012
43,857
0
0
Denver
backloggery.com



*Yet you can purchase items on other people's accounts and view personal information....Merry Christmas.

Steamdb is not associated with Valve in any way, but you cannot purchase items in someone else's account.
 

Jordan117

Member
Sep 19, 2007
151
0
1,085
Wow, I'm seeing accounts even when visiting steampowered.com in Incognito mode (so no cookies, cache, etc.)
 

Kalor

Member
Oct 30, 2013
3,532
0
0
Well, I don't think I saved my purchase stuff to Steam but I should be fine. This is a crazy security flaw and on Christmas Day as well where purchases likely are higher.
 

DeaviL

Banned
Sep 11, 2013
3,189
0
0
Belgium
This isn't a "shit happens" sort of thing. They have a responsibility to make SURE this doesn't happen, ever.

They do, and yet It is a "shit happens" moment.
No frothing at the mouth is gonna help you.

Log out, check your e-mails, wait for a Valve response.
No ones got your passwords, no ones got your CC's 3 number safety code (only the last numbers).

so should i not be playing any games right now? even in offline mode?
Offline should be fine?
Disable your Wifi so it doesn't even try to connect.
 

Vilifier

Neo Member
May 13, 2011
213
0
0
Australia
I had the same thing happen to me, I am using the steam client and it started to act strange and it ended up showing me someone else account and I was still logged into my account. I just signed out immediately and went and played xbox instead. I didn't realise it was this serious.
 

jellies_two

Member
Jun 14, 2014
5,510
1
0
If you can see pages constructed for other people it's cache failure which is bad.

But if you can/could DO stuff under someone else's account it isn't just that, it's duplicate/overlapping/broken security tokens, which is much worse.
 

Geg

Member
Nov 26, 2014
5,996
0
0
I just tried opening steam again and it can't connect me to the network. Maybe they're finally shutting things down?
 

gofreak

GAF's Bob Woodward
Jun 8, 2004
43,345
2
1,645
So they're saying not to go to Steam links, or not to go on Steam at all?

I'd rather like to log on to my account to get rid of my CC information, please and thanks.
 

obear

Banned
Apr 10, 2012
57
0
0
Holy crap.

Can anyone actually buy stuff though? I can't seem to remove my details :(

I think if you had money stored I would think someone could spend it. But if you had 0 money I wouldn't think they could use your card...it would try and ask for verification I think.

They need to pull the plug now
 

GuitarGuruu

Member
Apr 22, 2013
1,255
0
350
The thing that makes me the most angry is the fact that they are electing to keep this issue online letting others access a ton of potential accounts allowing for compromised information.

Very disappointed and dissatisfied with Valve currently. The only silver lining is hopefully this teaches them a lesson and they get their shit together.
 

Palculator

Unconfirmed Member
Jun 22, 2014
6,423
0
0
The "Security breach" thing is poorly phrased. They just mean it's not hackers compromising Valve's security, but a huge cock-up on their end.
 
Jun 23, 2012
72
0
510
Washington
Not buying it. Cache-control headers would not give you the authorization to go to other pages in the account. Once you get someone's account page you can go anywhere and (I suppose) change anything. That's not caching and even if it is, it's a colossal security fuck up.

Yeah, also SteamDB isn't affiliated with Valve so they are probably guessing? My guess is a session-handler bug, in which case logging out is a very good idea.
 

MageBoySA

Member
May 27, 2014
282
0
0
Not buying it. Cache-control headers would not give you the authorization to go to other pages in the account. Once you get someone's account page you can go anywhere and (I suppose) change anything. That's not caching and even if it is, it's a colossal security fuck up.
I clicked on the account link on my phone not logged in and got an account starting with "z." Clicking on other links got me account names starting with different letters.