• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Steam security issue revealed personal info to other users on XMas Day (fixed)

Taker34

Banned
Thank fuck the site is finally down. This better be expensive for Valve - what an amateurish error. I can't believe everyone could access anyone's details randomly. Disgusting.
 

Lucid07

Member
valve-offices.jpg


"Sir, the valve, it's stuck! We can't turn it off!"

"Mother of god"

"Get the PlusGas"
 

Zukuu

Banned
Er... just a thought, but maybe the steam twitter has been hacked too and just saying that to prevent people from doing it? :X
 

Xeteh

Member
They are doing business right now.

It is by definition a business day for Valve.

Stop with the bs "its a holiday." When the steam store is open, Valve is in business.

I can't imagine how anyone would think a company dealing in as much money as Valve would have no one there to take care of shit on a holiday.
 
Is this why the main steam page shows a "login" button even when I am already logged in (in the steam client)? Glad I never save my payment info! Crazy that there isn't anything announced about this. Yes it is Christmas Day but it doesn't matter, for any critical applications they will have people on call over the holidays.
 
Credit cards are easy to change and offer zero-liability policies to limit or eliminate personal financial damage. Home addresses and phone numbers are much more difficult and painful to change. Home addresses and phone numbers, as well as purchase histories, can be used in social engineering attacks to gain access to more sensitive information. You know how Nintendo asks you about some of your recent eShop purchases when trying to recover an account? Exactly.

This is a big fucking deal and the longer Valve has the Steam servers accessible without even a statement of what they're going to do to stem the information leakage, the bigger the hit to their reputation.
 
I'm kinda wondering if removing someone's credit info would be a good thing. Seeing as most of us I'd assume are good hearted and don't have bad intentions. May save that account from someone else who wants to be a fuck head. Not that you can do anything with the last 4 digits of the credit card really. And doesn't seem like you can make purchases.
 

kiyomi

Member
What we know so far

  • Most likely an error in the way Steam caches pages.
  • People are able to access random Steam profiles and see compromising information, account names, emails, last 2 digits of credit card, paypal email address, purchases, etc.
  • No changes can be made to the effected account, no purchases can be made. Any evidence to the country is, as of yet, unsubstantiated.
  • It's been advised to not access Steam URLs, including the client, until we have more information.
  • Do not post account names you see, huge security risk.

bJK2asd.png


owZ6BYU.png


3lbQyvr.png


I'll update this post with more information going forward.

Wonder if changing PayPal password would be a bad idea?
 
I haven't been logged into Steam since Tuesday - haven't gotten any emails or anything on my phone yet. I'm just not going to log in at all and hope that this only affects people who are currently logged in - i.e. Only those people who have logged in during the error/breach are having their accounts seen since it seems some people here are getting access to the same account information.
 

El Odio

Banned
EverytI'm I accessed my account info to try and delete my cc info it gave me someone else's account. This shit is so fucked.
 

khaaan

Member
I think they might just be shutting things down?

I can't access the store page via the client anymore, I tried to do a checkout a few minutes ago to see if my CC was stores and it wouldn't let me check anything out, and clicking account details now is leading me to a blank page.
 

redlegs87

Member
This is the reasoning to the not trying to delink your information.


"So yeah, don't try and unlink Paypal or edit credit info OR ANYTHING

That will randomly reveal your Paypal/credit info to people who are also clicking that setting page"

Saw that on IGN but I don't know how trustworthy it is.
 
Top Bottom