• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
  • Hey Guest. Check out the NeoGAF 2.2 Update Thread for details on our new Giphy integration and other new features.

Steam security issue revealed personal info to other users on XMas Day (fixed)

Taker34

Banned
Aug 15, 2013
2,174
0
0
Earth (Europe)
Thank fuck the site is finally down. This better be expensive for Valve - what an amateurish error. I can't believe everyone could access anyone's details randomly. Disgusting.
 

Lucid07

Member
Aug 13, 2012
821
0
0


"Sir, the valve, it's stuck! We can't turn it off!"

"Mother of god"

"Get the PlusGas"
 
Feb 23, 2011
8,651
2
0
I'm kinda thankful that the email address I use for Steam is more or less exclusively used for that, along with Origin. At least the risk is kind of compartmentalized for now.
 

Zukuu

Banned
Jan 19, 2013
10,883
2
0
Er... just a thought, but maybe the steam twitter has been hacked too and just saying that to prevent people from doing it? :X
 

Xeteh

Member
Jul 12, 2014
10,276
1
0
36
California
They are doing business right now.

It is by definition a business day for Valve.

Stop with the bs "its a holiday." When the steam store is open, Valve is in business.

I can't imagine how anyone would think a company dealing in as much money as Valve would have no one there to take care of shit on a holiday.
 

Oracle Dragon

Member
Feb 24, 2005
2,380
0
1,150
44
Ottawa
Is this why the main steam page shows a "login" button even when I am already logged in (in the steam client)? Glad I never save my payment info! Crazy that there isn't anything announced about this. Yes it is Christmas Day but it doesn't matter, for any critical applications they will have people on call over the holidays.
 

chrominance

Member
May 24, 2013
9,369
2
0
Credit cards are easy to change and offer zero-liability policies to limit or eliminate personal financial damage. Home addresses and phone numbers are much more difficult and painful to change. Home addresses and phone numbers, as well as purchase histories, can be used in social engineering attacks to gain access to more sensitive information. You know how Nintendo asks you about some of your recent eShop purchases when trying to recover an account? Exactly.

This is a big fucking deal and the longer Valve has the Steam servers accessible without even a statement of what they're going to do to stem the information leakage, the bigger the hit to their reputation.
 
Jul 7, 2007
14,016
0
920
I'm kinda wondering if removing someone's credit info would be a good thing. Seeing as most of us I'd assume are good hearted and don't have bad intentions. May save that account from someone else who wants to be a fuck head. Not that you can do anything with the last 4 digits of the credit card really. And doesn't seem like you can make purchases.
 

kiyomi

Member
Apr 20, 2012
5,355
0
0
What we know so far

  • Most likely an error in the way Steam caches pages.
  • People are able to access random Steam profiles and see compromising information, account names, emails, last 2 digits of credit card, paypal email address, purchases, etc.
  • No changes can be made to the effected account, no purchases can be made. Any evidence to the country is, as of yet, unsubstantiated.
  • It's been advised to not access Steam URLs, including the client, until we have more information.
  • Do not post account names you see, huge security risk.







I'll update this post with more information going forward.

Wonder if changing PayPal password would be a bad idea?
 

Incendiary

Banned
Feb 10, 2010
8,616
0
0
I haven't been logged into Steam since Tuesday - haven't gotten any emails or anything on my phone yet. I'm just not going to log in at all and hope that this only affects people who are currently logged in - i.e. Only those people who have logged in during the error/breach are having their accounts seen since it seems some people here are getting access to the same account information.
 

Lautaro

Member
Aug 8, 2013
3,796
2
0
SteamDB should just shut up, they are not affiliated with Valve so they don't know the nature of the breach.
 

El Odio

Banned
Aug 12, 2012
3,455
0
0
USA
EverytI'm I accessed my account info to try and delete my cc info it gave me someone else's account. This shit is so fucked.
 

khaaan

Member
Sep 28, 2012
4,954
0
355
I think they might just be shutting things down?

I can't access the store page via the client anymore, I tried to do a checkout a few minutes ago to see if my CC was stores and it wouldn't let me check anything out, and clicking account details now is leading me to a blank page.
 

redlegs87

Member
Sep 13, 2013
1,172
0
375
This is the reasoning to the not trying to delink your information.


"So yeah, don't try and unlink Paypal or edit credit info OR ANYTHING

That will randomly reveal your Paypal/credit info to people who are also clicking that setting page"

Saw that on IGN but I don't know how trustworthy it is.