• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • Hey Guest. Check out the NeoGAF 2.2 Update Thread for details on our new Giphy integration and other new features.

Steam security issue revealed personal info to other users on XMas Day (fixed)

wrowa

Member
Jul 26, 2006
14,351
1
1,170
Germany
I know it's difficult for people to think big picture on certain things, but can you think what day it is?

"It's holidays" isn't an excuse when you are operating one of the biggest online stores worldwide storing huge amounts of sensible user data. Especially so since it's known that hackers love to use Christmas for their attacks (if this is a hack). They absolutely should have security measures in place to take care of these issues quickly, even if this "just" means taking everything offline (which might not be as easy as it sounds, but that's something you figure out -before- shit hits the fan).
 

Alucrid

Banned
May 30, 2009
46,841
0
0
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.
some guy on the other page said he was deleting people's credit cards...so account information can be changed?
 

DrM

Redmond's Baby
Jun 6, 2004
13,856
0
0
Holy crap, just stumbled upon account from Czech republic with 900 € in wallet
 

JAV Actress

Banned
Sep 30, 2015
311
0
0
haylow three
Lmfao I've gotten into like 8 different peoples accounts


Gg Valve this is the biggest fuck up I've seen from a video game service. At least the PSN hacks didn't leak shit out in the open
 

Bunta

Fujiwara Tofu Shop
Mar 27, 2013
8,816
5
0
Maybe we should consider deleting the credit card info of any account we get logged into and then log out?

A good deed on Christmas day, we could save people a bit of money... assuming someone else doesn't get logged in to their account immediately after.

I've tried deleting paypal emails and CC numbers for people, but it gives me a login screen.
 
Mar 10, 2005
50,827
5
0
www.theimrankhan.com
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.
Judging from the fact that I have seen someone's billing address and phone number, along with the last four digits of their card and their paypal e-mail, I don't think that's true.
 

OldAsUrSock

Banned
Apr 1, 2012
5,458
0
0
Awesomeville
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

But I dont want spam in my email or people to know I purchased a Kawaii Black Ops DLC.
 

ItIsOkBro

Member
Aug 24, 2013
13,620
1
0
So the things that CAN happen are:

People buying things with your Steam credit
Changing your emails to something else
Looking at whatever information is saved to your card, including your phone number and address

What else?

Caching issue my ass tbh. What cached page can actually lead to functionality like it.
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
Jan 21, 2007
29,476
2
1,300
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

Except I just deleted some ones CC one someones account
 

yatesl

Member
Jun 3, 2012
2,799
0
0
some guy on the other page said he was deleting people's credit cards...so account information can be changed?

The other guy was wrong. If you click delete either nothing happens, or you get an error.

Judging from the fact that I have seen someone's billing address and phone number, along with the last four digits of their card and their paypal e-mail, I don't think that's true.

OK, I'll give you PayPal e-mail - but really, that's usually just the same as someone's e-mail.

Nothing can be done with the last 4 digits of someone's card.
 

Kayant

Member
Feb 25, 2014
6,015
0
0
Wow just noticed this. This is awful sightly happy I use paypal for steam stuff but this is one hell of a mistake.
 
Jan 16, 2010
19,595
0
895
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

You'd be wrong. Someone definitely removed my phone number from my account.
 
Aug 30, 2011
1,272
0
645
I get that this is sort of embarrassing but whats the problem? No one can actually see your important info. All the profiles just show "card ending in xxxx-1234" or "phone number ending 1234". The security measures are actually working here.
 

dickroach

Member
Jul 7, 2014
5,777
1
420
Brooklyn
so I'm looking at my bank account and apparently someone charged $100 at the liquor store last night! this is unacceptable. I dunno who did it and I'm too hungover to figure it out
 

Hylian7

Member
Mar 25, 2009
24,336
0
1,000
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.
Exposing emails still isn't a good thing.

Really with I could delete my CC info.
 

Rellik

Member
Nov 22, 2015
7,596
42
300
It's not.


I went to delete CC

CC deleted

not on my account

Yep. I've just clicked the delete button on someone's email address and it's removed it from their account under 'Store & Purchase History' but it still remains under 'Contact Info' with no way to remove it.
 

styl3s

Member
Nov 8, 2009
9,393
2
910
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.
So steam isn't allowing any purchases?
 

iNvid02

Member
Aug 16, 2009
18,398
236
1,200
people need to stop with the damage control kool aid, its a security breach because of the information that can be viewed
 
Jul 7, 2007
14,016
0
920
So glad I don't trust anyone to have my credit card info saved. It really is not a bother to have to enter credit card info every time you buy a game.

I clicked the link above and also not logged in on mobile chrome and saw someone else's account. Full email last digits of credit card etc. $13 in account. Great fuck up.

Hopefully valve does not get a free pass on this and get all the criticism and more that Sony did. But let's wait and see what the cause of this was.
 

Yosei

Member
Sep 28, 2015
52
0
0
On mobile everytime I go to account details I get into an account from someone else. This is really bad, steam must be shut down right now.
 

Saitama

Member
Feb 21, 2013
14,423
0
0
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

Well this calmed me down a bit. Will definitely change my email and never save my card info again though.
 

ClearData

Member
Jul 23, 2013
2,151
0
375
Guys I tried to purchase something to see if my card information was stored and everything was grayed out. Did Valve turn off the store? If so, good.