
Steam security issue revealed personal info to other users on XMas Day (fixed)

Ourobolus

Banned
Ok, ok, I think it might have been a false alarm on my end, my bank had the purchases I made a few days ago somehow attributed to today for some reason. Won't know til tomorrow for sure though.
 

Skux

Member
STEAMDB IS NOT RELATED TO VALVE!

They are not Steam tech or customer support. They are a third-party site. Please understand this, guys.
 

I suspect doing any action will refresh your account as "page used in the last minutes" so it will stay in their cache system, which seems to be what's really broken: the cache of pages that serves to boost the site. So when someone visits the details account, Steam serves the wrong cache link, taken from the cache available.

If you don't visit Steam, yours will have less chance to be in that cache pool.


My speculation.
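
The hypothesis in the post above, modelled as an added example (not from the thread and not Valve's code): a shared page cache keyed on the URL alone hands one user's rendered account page to the next visitor, unless it honours the origin's `Cache-Control: private` / `no-store`. All names, paths and users are constructed.

```python
# Toy model of a shared page cache sitting in front of an origin server.
# Everything here (paths, users, class names) is constructed for illustration.
from dataclasses import dataclass

@dataclass
class Response:
    body: str
    cache_control: str  # value of the Cache-Control response header

def origin(path, session_user):
    """Origin renders /account per logged-in user and marks it private."""
    if path == "/account":
        return Response(f"account details for {session_user}", "private, no-store")
    return Response("store front page", "public, max-age=60")

class SharedCache:
    def __init__(self, honor_cache_control):
        self.honor = honor_cache_control
        self.store = {}  # cache key -> Response

    def get(self, path, session_user):
        # The cache key is the URL only; the session plays no part in lookup.
        if path in self.store:
            return self.store[path].body
        resp = origin(path, session_user)
        directives = {d.strip() for d in resp.cache_control.split(",")}
        cacheable = not (directives & {"private", "no-store"})
        # Misconfigured cache stores everything; correct one skips private pages.
        if cacheable or not self.honor:
            self.store[path] = resp
        return resp.body

def demo(honor_cache_control):
    """Two users request the same URL, one after the other."""
    cache = SharedCache(honor_cache_control)
    first = cache.get("/account", "alice")
    second = cache.get("/account", "bob")
    return first, second

if __name__ == "__main__":
    print("misconfigured:", demo(False))
    print("hardened:     ", demo(True))
```

In this model the leak needs the victim's page to have been requested while the cache was misconfigured, which is the reasoning behind the advice in the thread to stay off the affected pages.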
 

dity

Member
Steam should hire me for Steam Support because I'd have driven in to work by now and just pulled the ethernet cables.
 

megalowho

Member
Anyone else get incorrect password errors? Trying on mobile. Was getting them before it was "down," if it is now. Kind of freaking out.
 

Nzyme32

Member
Not sure if anyone remembers but this has happened before during one of the sales (the year that had the upside-down page setup of a different season)

Back then you could also access other people's profiles via a variety of buttons that should have led to your own pages - basket, wishlist, account, profile. You could see stuff but not go any further.
 

TheTux

Member
Some people say it's a caching issue, but what's the point in caching the transaction list from a server point of view? Every user has got its unique page and I doubt it is a page with heavy traffic.

Does that mean that if I haven't visited that page in a while my account details will be safe?
 

Cyrano

Member
No. You're effectively logged into their account.
Not actually sure this is the case. What seems more likely, since people are still getting functioning security verification emails, is that whatever is causing this is changing the overlay to display as though it were another account, but in actuality you may still be looking at your account.

Not sure of course, but the behavior seems strange otherwise.
 

Kouriozan

Member
Fhl2qtc.png

Having such an amount of money in your wallet... and this is not the biggest number

Merry Christmas!
/s
 

Valkrai

Member
I should be ok if I didn't have paypal info saved automatically for purchases right? Signed in every time I bought previously and changed my PP password.
 

TimFL

Member
Can you guys change your email or password in the Steam client? I just opened the settings menu for the fun of it and the buttons are disabled.

Valve slowly locking down certain features?
 

2Crisis

Member
I'm going to go out on a limb, trying to update your account in any way just updates the cache and puts you on top of some kind of stack in where they're stashing things. Being on top means that you're the next to be picked if somebody tries to look at a profile page.

Yea, the tweet isn't very clear but I think they mean not to do this from the Steam side, blocking Valve from the PayPal site itself should be fine.
 

Doc Holliday

SPOILER: Columbus finds America
Wow, I can see someone else's account. I can't even change my email or credit card info because I can't see my own account.

Craziest security breach I've ever seen, wow. I just checked all my credit cards and am changing my passwords. Such bullshit.
 

trh

Nifty AND saffron-colored!
Fhl2qtc.png

Having such an amount of money in your wallet... and this is not the biggest number

I got into an account that had purchased literally several thousands of Euros worth of games as gifts.


This is bumming me the fuck out. Come on, Valve.
 

Fireblend

Banned
Again, what SteamDB was saying is don't log in to Steam because then the pages you visit will enter the cache rotation, which is where those breaches are coming from.
 

duckroll

Member
Just checked on the Steam mobile app. Now going to Account Details throws an error message back. Looks like they shut it down. Still, completely unacceptable response time.
 

Brashnir

Member
They don't have a "shut it down" button?

As a person who works on a large enterprise network, it's highly unlikely that they have a single button capable of shutting things down. A large-scale commercial venture like this would likely have multiple redundancies and failovers in place to prevent a single-site issue from taking down the entire thing.

If this truly is a software issue somewhere, the engineers would need the back-end systems to continue running in order to troubleshoot and correct the issue, so the answer would likely be to shut down routes in the front-end DMZ routers and/or firewalls to prevent access from the outside. And then hopefully they have some way to VPN in outside of these front-end network components, or a bunch of software guys are going to have to head on-site to fix this.
 

kAmui-

Member
Not sure if anyone remembers but this has happened before during one of the sales (the year that had the upside-down page setup of a different season)

Back then you could also access other people's profiles via a variety of buttons that should have led to your own pages - basket, wishlist, account, profile. You could see stuff but not go any further.

Something like this definitely happened at some point. I remember seeing other people's wishlists.
 

Smash88

Banned
They finally shut it down!

FUCKING CHRIST VALVE, MY EMAIL IS NOW IN THE WILD AND ANY FUCK CAN SEE IT AND POTENTIALLY COMPRISE ME.
 

Adnor

Banned
I didn't get any confirmation e-mail for anything in Steam, does that mean that no one bought anything with my account? Can't check the bank account ATM.
 
As a person who works on a large enterprise network, it's highly unlikely that they have a single button capable of shutting things down. A large-scale commercial venture like this would likely have multiple redundancies and failovers in place to prevent a single-site issue from taking down the entire thing.

If this truly is a software issue somewhere, the engineers would need the back-end systems to continue running in order to troubleshoot and correct the issue, so the answer would likely be to shut down routes in the front-end DMZ routers and/or firewalls to prevent access from the outside. And then hopefully they have some way to VPN in outside of these front-end network components, or a bunch of software guys are going to have to head on-site to fix this.
Quoting for reality
 

Bumpers

Member
If it's truly just a caching error, then doing those actions may just expose your account pages to the pool of what's being shared if it already isn't there.

If it's a caching issue, that means the page that you were trying to get (your account) gets shown to another person. If you don't try to log in to remove your payment info, it won't be shown.

My speculation.
Surely it's better to have my page re-cached with no details than wait for it to be cached with my remaining details still on there?

It seems to be down now, but I've already had a Steam guard sign in attempt from 15 minutes ago.
 