
Steam security issue revealed personal info to other users on XMas Day (fixed)

jmga

Member
Mar 28, 2013
1,712
2
0
Judging from the fact that I have seen someone's billing address and phone number, along with the last four digits of their card and their paypal e-mail, I don't think that's true.

How did you see phone number if it only shows last 4 digits?
 

disappeared

Banned
Sep 14, 2006
26,836
3
1,120
What the fuck I'm trying to log in via mobile and every page is in Japanese and Google translate isn't working for shit.
 

Megawarrior

Member
Feb 7, 2015
2,778
0
0
Thank you guys. I just reported my card as 'stolen' to block future purchases through my bank's automated system. I'd advise you all to do the same if yours has the option to do that.
 

Sn4ke_911

If I ever post something in Japanese which I don't understand, please BAN me.
May 9, 2009
45,856
1
985
Why are people now trying to delete and mess with other people's stuff? Just log out of Steam and wait until it's fixed. Jesus.
 

NoRéN

Member
Jul 6, 2009
14,013
0
0
some guy on the other page said he was deleting people's credit cards...so account information can be changed?

I decided to click on an email and got up to the whole change email stuff. I'm pretty sure you can change info.
 

Psychoward

Banned
Aug 17, 2011
22,258
1
0
I can't even remove my credit card because it says I'm logged in to someone else's account


Merry fucking christmas
 

Rox598

Member
Apr 22, 2013
4,100
73
525
If Valve does do compensation, I would laugh my ass off if they gave everyone TF2.



.
 

maquiladora

Member
Jun 7, 2011
22,655
1
0
How hard is it to just fucking shut off outside access to steam while this massive clusterfuck is going on? Jesus Christ Valve. This is unbelievable.
 

RoyalFool

Banned
Jan 29, 2012
2,211
18
0
Except I just deleted someone's CC on someone's account

If it also sends the session cookie with the cache, it's not just showing you the page but effectively logging you in as them, bypassing all security. The only saving grace is the cache is updating so rapidly that by the time you submit, it fails 99% of the time, as it's already serving up a new cached page from someone else, thus your cookie gets rejected.
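
The failure mode the post above speculates about, a shared cache storing one user's personalised response (possibly with its session cookie) and replaying it to other visitors, is what a cache-admission check is meant to prevent. The following is an added example, not part of the thread and not Valve's code; the policy, paths and header values are constructed for illustration.

```python
# Added example: a conservative "may a shared cache store this?" check.
# Header names are real HTTP; the policy, paths and values are constructed.

def parse_cache_control(value):
    """Return the set of lower-cased Cache-Control directive names."""
    return {part.split("=", 1)[0].strip().lower()
            for part in (value or "").split(",") if part.strip()}

def shared_cache_may_store(req_headers, resp_headers):
    """Decide whether a shared (edge) cache may store a response.

    Returns (allowed, reason). Deliberately stricter than RFC 9111:
    anything that looks per-user is refused.
    """
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))

    if "no-store" in cc or "private" in cc:
        return False, "origin marked response no-store/private"
    if "set-cookie" in resp:
        return False, "response sets a cookie (would replay one user's session)"
    if ("cookie" in req or "authorization" in req) and "public" not in cc:
        return False, "authenticated request, response not explicitly public"
    if not ({"public", "max-age", "s-maxage"} & cc):
        return False, "no explicit freshness information"
    return True, "cacheable"

def audit(samples):
    """Return the paths a shared cache must not store."""
    return [path for path, req, resp in samples
            if not shared_cache_may_store(req, resp)[0]]

# Constructed sample traffic (not real Steam responses).
SAMPLES = [
    ("/static/logo.png", {}, {"Cache-Control": "public, max-age=86400"}),
    ("/account", {"Cookie": "session=user-a"}, {"Cache-Control": "max-age=60"}),
    ("/login", {}, {"Set-Cookie": "session=user-b", "Cache-Control": "max-age=60"}),
    ("/cart", {"Cookie": "session=user-c"}, {"Cache-Control": "private, no-store"}),
]

if __name__ == "__main__":
    for path, req, resp in SAMPLES:
        print(path, shared_cache_may_store(req, resp))
```

The same rules can be run over recorded origin responses to find pages that rely on the cache layer, rather than on their own `Cache-Control` headers, to stay private.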
 

furfoots

Member
Nov 5, 2010
100
0
0
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

BS. I can view addresses and phone numbers from registered CCs.
 
Jun 23, 2012
72
0
510
Washington
I get that this is sort of embarrassing but what's the problem? No one can actually see your important info. All the profiles just show "card ending in xxxx-1234" or "phone number ending 1234". The security measures are actually working here.

Last 4 digits is often enough for social engineering attacks (assuming you have emails, addresses, etc - nowhere could you get that here).
 

taco543

Member
Jan 11, 2013
2,166
0
500
Fresno, CA
Once again.

NO ACCOUNT INFORMATION CAN BE CHANGED.

NO PURCHASES CAN BE MADE.

THE MOST PEOPLE CAN SEE IS YOUR E-MAIL, AND PURCHASE HISTORY.



Is it a clusterfuck? Absolutely. But aside from some random person knowing your e-mail and seeing that you've bought Hunniepop, YOU HAVE NOTHING TO WORRY ABOUT.

Except I made it all the way to the purchase confirmation page on someone's account with no passwords entered, and that many others have had games bought with their accounts, and that also many people have had their info changed... so this post is invalid.
 

Collateral22

Member
Jun 5, 2014
4,718
0
390
It's not as bad as the PSN debacle, but it really is bad. Valve certainly isn't done, but the developer that pushed this live might be.

It's worse. Depending on how long this has been active for, people could have lost millions that Valve will have to compensate for.
 

chrominance

Member
May 24, 2013
9,369
2
0
I can confirm that you can indeed see people's real names and credit card billing addresses. Full phone numbers too.

SHUT IT DOWN VALVE. SHUT IT THE FUCK DOWN.
 

hitmon

Member
Jul 29, 2007
2,718
0
800
So I tried logging in on the browser prior to finding out about this and the recommendation to avoid steam altogether.. Is my account screwed?
 

Vilam

Maxis Redwood
Mar 3, 2009
6,686
0
985
San Francisco
www.gnardone.com
I'm in some Australian dude's account

this is baaaaaaaaaaaaad

and the https://store.steampowered.com/account link gets me ANOTHER account, wow

kill the servers steam holy shit

...yup. Just found some dude's account in Singapore that has money in the wallet. Why the hell isn't someone at Valve running through a server row somewhere ripping blades off a rack as fast as they can Boris style? Heh.
 

Easy_D

never left the stone age
Jan 5, 2008
23,623
2
0
I don't think they can change your email without going through Steam guard.



Just don't save payment information, that's the smartest thing to do on any website.

Yeah but I put it up there for the holiday sale and forgot to remove it after buying the few games I wanted. I wish Valve just had a "hook up directly to bank account" payment option, just use the mobile bankID app and presto. Easy, fast and safe.

Edit: Apparently playing an online game prevents anyone from logging into your account per /r/Steam Moderator. So I'm just gonna play some Chivalry and murder nubs until this blows over.
 

gofreak

GAF's Bob Woodward
Jun 8, 2004
43,345
2
1,645
So I'm either in someone else's shopping cart or someone else has put things in mine. The username in the top right is my own.

Can't access my account information though, just keeps asking me to login.
 

Dispatch

Member
Feb 8, 2009
784
0
0
I just removed the option for Valve to automatically receive payments from PayPal.

Is this the worst security breach in gaming history?
 

Bread

Banned
Jun 21, 2010
43,673
0
0
How does something like this even happen... Fuck Valve, this is screwed up. I better not get anything charged to my card.