• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Steam security issue revealed personal info to other users on XMas Day (fixed)

npa189

Member
Apr 29, 2013
2,204
0
380
Mobile app seems to be effected as well, I can see other people's accounts when I go to look at mine. I think I'm done with storing CCs on online storefronts all together after this. Hopefully this doesn't end up as bad as it looks.
 

FluxWaveZ

Member
Jul 24, 2012
38,103
1
0
It sounds, then, that if you were never logged in before this whole thing started and haven't tried, your account can't get accessed by the caching issues?
 

Beowulf28

Member
Dec 18, 2008
2,001
0
0
This is so fucked. I'm getting random emails from people on steam saying they're in my account and deleted my CC info.

WHAT IS HAPPENING.
 

Grief.exe

Member
Jul 11, 2012
43,857
0
0
Denver
backloggery.com
What we know so far

  • Most likely an error in the way Steam caches pages.
  • People are able to access random Steam profiles and see compromising information, account names, emails, last 2 digits of credit card, paypal email address, purchases, etc.
  • Full addresses and phone numbers were able to be accessed.
  • No changes can be made to the effected account, no purchases can be made. Any evidence to the contrary is, as of yet, unsubstantiated.
  • It's been advised to not access Steam URLs, including the client, until we have more information.
  • Do not post account names you see, huge security risk.
  • Do not log into Steam to unlink your Paypal. If you feel the need, can be done from the actual Paypal website.
  • Reminder: Steamdb is not affiliated with Valve in any way.







I'll update this post with more information going forward.
 

DMczaf

Member
Jun 6, 2004
86,669
4
1,790
how have they not shut the servers down yet? There's some damn important information being displayed with this fuck up.

This is fucking ludicrous.
 

K.Jack

Knowledge is power, guard it well
Mar 10, 2007
24,186
0
1,270
Valve needs to cut the fucking hard lines, until this is fixed.

Shut this fucking shit down man!
 
Oct 9, 2005
7,823
1
0
I can view accounts here - https://store.steampowered.com/account

And im not logged into steam at all
I got to my own account on my second try. Tried to delete my payment details and it did nothing, it just refreshed the page to show some random Polish account. Don't think anything actually happened.

Ugh, you can see the last four phone number digits too, if you have Steam Guard tied to your phone.
 

MattyG

Banned
Jan 11, 2014
9,903
0
0
Wait, so what should I do about this? I'm not logged into the store and I don't have steam open on my PC, but I have my CC info stored. Should I login and change it or just stay logged out?

Edit: Ah, nevermind. Thanks Grief
 

Moonlight

Banned
Oct 16, 2012
10,506
0
0
I hit up the front page of the Steam store. To check if I was logged in there or not. Am I screwed? Seriously asking here.
 

Xamtheking

Member
Mar 26, 2014
7,840
1
0
Guys
Everything but the Store shows up on my account
My Friends list is normal and I successfully added a number to my account
 

Arren

Member
May 26, 2009
365
2
765
Except I made it all the way to the purchase confirmation page on someones account with no passwords entered, and that many others have had games bought with their accounts, and that also many people have had their info changed... so this post is invalid.
Exactly, unfortunately that is false. Billing addresses and complete phone numbers are currently compromised and accessible to other random people and there have been lots of user info changes reported in this very thread.
 

benny_a

extra source of jiggaflops
Apr 25, 2009
17,350
1
0
Well this calmed me down a bit. Will definitely change my email and never save my card info again though.
I wouldn't take that at face value.

This has been ongoing for approx. 45 minutes. Just because certain things don't work now any more doesn't mean there wasn't a window where they did work, as several posters have said they were affected.

In the end who knows, could also be coincidental. But things happening T+5 mins are not disproven by saying things don't work T+45 mins.
 

yatesl

Member
Jun 3, 2012
2,799
0
0
You'd be wrong. Someone definitely removed my phone number from my account.
Are you sure? I just tried to delete someone's, and it didn't work. I also tried to delete someone's PayPal details, and someone else's CC details. I can't see any addresses.
 

cptodin

Member
Sep 5, 2014
382
0
330
That's the reason why´I never save any details on stores.
First thing I do is change my password when this issue has been resolved, just to be on the safe site.
I guess everyone should do that...
 

Stallion Dan

Member
Jun 8, 2014
8,970
2
0
UK
Would i be doing someone a favour if i deleted their cc details? I could just leave it, but then they vulnerable to someone less nice.
 

kanuuna

Member
May 25, 2013
2,079
0
475
You can see people's e-mail addresses, look them up on Facebook. You can see their PayPal address.
How fucked is this.
 
Jan 16, 2010
19,595
0
895
Wait, how do you know?
Because I was sent an email regarding it.

Hello 19 & 21
A phone number (ending in 0000) has been removed from your account.
If you did not do this, your account may have been compromised. Please change your password immediately, or contact Steam Support.
 

jmga

Member
Mar 28, 2013
1,712
2
0
It's worse. Depending how long this has been active for people could have lost millions that Valve will have to compensate for.
You can't do any purchases.
You can't see phone number nor CC info.

They fucked up, but the only personal data compromised here is email.
 

rdytoroll

Member
Jul 5, 2015
2,107
0
365
Jesus christ. Stop it with the excuses already. Even only seeing someones phone number and e-mail is a big breach. And people have reported that they could delete other's information.
 

strafer

member
Apr 2, 2010
58,965
6
610
Sweden
Well, I was about to go out for dinner, that is not going to happen now.

I'm going to sit and guard my stuff very clearly. I'm not leaving my computer.

And Valve, can you just please shut the stuff down.
 

HardRojo

Member
Oct 19, 2011
17,471
1
0
Lima, Peru
Why are people now trying to delete and mess with other people's stuff? just log out of steam and wait until it's fixed. Jesus.
If people going out of their way to screw others by spoiling Star Wars wasn't enough evidence, people will be assholes when the opportunity presents itself and they feel no punishment will come for them.
 

stan423321

Member
Jul 24, 2014
4,817
0
0
I think this has indeed something to do with caching. While being confused myself I've seen a bunch of Russian/Polish/English not-logged in main pages, and a pair of registered Poles. (Shut-outs to Victor and Zeus, merry Christmas pals!)

Browsing Steam web portal logged in may result in your data being cached in turn, so the advice to not do anything until Valve does something about it isn't the worst one.
 
D

Deleted member 125677

Unconfirmed Member
Stump do you want me to clear your account of turd games?
 

Zomba13

Member
Sep 27, 2009
19,653
7
705
I'm confused at this "it's a holiday" shit. I mean, you telling me they don't have anyone anywhere handling this able to shut stuff down if it gets bad? Don't they typically offer more pay for holidays to get what few people they can to stay in and work when it's a big huge online thing?

Yeah, they won't have everyone. Yeah, they didn't expect this and are understaffed but they should have some people there able to handle this and if not fix it at least shut it down so nothing gets worse.

Then again I guess losing out on Christmas day sales isn't worth it.
 

Vuapol

Member
Aug 10, 2014
792
0
0
So when I view my account information I am some poor bloke from the UK, with all of his information for me to view. When I see purchase history, I am some different fellow from Canada. When I view Product Keys, I am some other different fellow from Latin America.

This is pretty fucking bad Valve.

Thank god I use Steam Wallet Cards for everything, good god. Hopefully the assholery of screwing with other's accounts will be as little as possible with the holiday and whatnot.
 

CrackPebbles

Member
Jul 3, 2013
5,052
0
490
I've gotten two emails from random people telling me that they deleted my saved payment info to prevent anyone from accessing it.

huh.
 

JeTmAn81

Formerly '0v0'
Jul 3, 2008
9,842
50
1,155
I'm not logged in but in two refreshes I got prices in Canadian then Japanese currency. I'm in the U.S.