• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • The Politics forum has been nuked. Please do not bring political discussion to the rest of the site, or you will be removed. Thanks.

Steam security issue revealed personal info to other users on XMas Day (fixed)

Bunta

Fujiwara Tofu Shop
Mar 27, 2013
8,816
5
0
My brother has gotten 13 emails from someone trying to login his account...
 

Elatreus

Banned
Aug 10, 2015
73
0
0
Been deleting card details on other people's accounts I'm getting into to.
Hopefully someone does the same if they get onto mine!
 

styl3s

Member
Nov 8, 2009
9,393
2
910
apparently not even attempting to access your account is the safest thing to do at this point?
just keep an eye on your bank account
Yeah i can't even log in to see if my debit card is currently attached to my steam.

I usually tend to remove my debit card right after making a purchase but sometimes i leave it. Guess i could just inconvenience myself for a few days and just report my debit lost so if someone gets a hold of it it, it will be useless.
 

Frodo

Member
Nov 6, 2012
10,040
4
635
Welp. When I open Steam client, it is my name and everything, but when I go to account details it is another guy's account. Luckily for him he has no money on his wallet, but his paypal account is linked to Steam.

I want to log in to my account because I'm not sure if I have my payment details there or not. I don't think I do, but just in case.


Now, WHY ON EARTH IS THIS SHIT STILL UP IS ANYONE'S GUESS. It should be shut down ages ago.
 
D

Deleted member 80556

Unconfirmed Member
So if someone else purchases something with the funds in my steam wallet it will just be added to my library, yes? I'm sure they'll be inundated with refund requests due to fraudulent activity, but at least there seems to be a level of recourse.

What if someone gifts it?
 

strafer

member
Apr 2, 2010
58,960
6
610
Sweden
So the things that CAN happen are:

People buying things with your Steam credit
Changing your emails to something else
Looking at whatever information is saved to your card, including your phone number and address

What else?

Thing is that that will happen to some. I'm sure of it. There are mean people out there on the internet.
 

Skux

Member
Aug 28, 2014
9,904
8
430
From what I can tell, here's the information that could be compromised:

last 2 digits of your credit card
Paypal email address
amount in your Steam wallet
last four digits of your phone number
account email address

I can also see entire purchase history in the "randomised" account page.
 

Head.spawn

Junior Member
Sep 3, 2013
6,745
2
320
I can see this on my galaxy s6ame without being logged into Steam or anything. Holy shit this is fucked.

 

SerRodrik

Member
Feb 14, 2012
1,186
0
0
MI
I'm really, really glad that I don't store credit card info on there. I don't think I have an address or phone number stored either. Scary stuff.
 

CoG

Member
Mar 10, 2007
4,116
0
0
It is possible. If it was caching as they say, it could be that they have proxy servers sitting in between the main steam server and users. Alternatively, whatever application container that forms the basis of the steam back-end is possibly being proxied over a different port through apache, and apache is caching content from the application container/server.

They probably added some additional caching or something to handle the Christmas load + the winter sale traffic and didn't throughly test it. Does not seem like a hack as much as an engineering fuck up.
 

And_Gignac

Member
Dec 22, 2013
5,427
0
320
Wow thanks for this thread. I haven't used steam in a couple of months, so I wouldn't have know. Thank god I always use PayPal for my purchases there.
 

Easy_D

never left the stone age
Jan 5, 2008
23,622
2
0
And this is why having a savings account is good, put all my money into there and my debitcard is only connected to the main account, luckily.

That will not be enough to deal with this shitstorm....
It's gonna have to be a free unusual hat.

Unusual Bill's Hat Special Santa Red Holiday Edition
 

yatesl

Member
Jun 3, 2012
2,799
0
0
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.
 
May 9, 2013
13,553
0
545
So the things that CAN happen are:

People buying things with your Steam credit
Changing your emails to something else
Looking at whatever information is saved to your card, including your phone number and address

What else?

I don't think they can change your email without going through Steam guard.

And this is why having a savings account is good, put all my money into there and my debitcard is only connected to the main account, luckily.

Just don't save payment information, that's the smartest thing to do on any website.
 

Boogdud

Member
May 28, 2010
2,567
0
0
I got an email from someone telling me I was logged into their account... uh, nope. Yeah just signing out and forgetting it for a while now.
 

Chuck

Still without luck
Feb 19, 2011
13,421
0
0
so if you go into someones account can you actually see their entire credit card info? just the last 4 digits?
 

gofreak

GAF's Bob Woodward
Jun 8, 2004
43,345
2
1,645
OK, getting support alerts about suspended accounts addressing a different user altogether :/ Just want to take my cc info off the system. I presume attempting to do isn't going to be flagged as malicious behaviour.
 

kAmui-

Member
Oct 20, 2012
1,650
0
0
Finland
Managed to delete my CC info. I have some money on my steam wallet but I'm not worried about that. Hope they sort this quickly.
 

Mimosa97

Member
Dec 19, 2013
6,157
0
0
Montreal/Paris
I think I fucked up. I got access to my account and tried to change my email/password. Got the codes by mail but I couldn't finish the process ... And then when I tried to delete my infos I ended up with a random person's account.

I might have made things worse for me. Worse thing is that I'm less worried by people using my CB (it's almost maxed out ... worse case I get a new one in less than 2 weeks) than my official email getting compromised. I'm fucking dumb for using that email for steam.

Fuck you valve.
 

Emperor_Uriel

Member
Jun 4, 2011
2,556
0
0
Maybe we should consider deleting the credit card info of any account we get logged into and then log out?

A good deed on Christmas day, we could save people a bit of money... assuming someone else doesn't get logged in to their account immediately after.
 

el87

Member
Jun 17, 2014
173
5
320
OMG

This is SO bad!!!

Yeah I see another dudes account info right now...

expect a big % of our accounts crawled...