
Valve releases statement on Steam's Christmas issues

pezzie

Member
I'm glad they responded, though too late for my liking. I don't expect an immediate response, but at the very least next day should have had something out.

People thinking this event will harm Valve are nuts though, they will still rake in money hand over fist this Christmas sale.

I really enjoy Steam as a service, and I count myself lucky that I've never needed to contact their customer service, but I dread the day I do need it. Unfortunately, I find all Steam alternatives far less attractive than Steam itself.
 

entremet

Member
To be fair, it happened during one of the most inopportune times for a company, the week between Christmas and New Year's.

I'd wager their top execs were on vacation.
 

xJavonta

Banned
You're really calling the exposure of personal data an insignificant non-event?

not excusing valve but quite literally every retail store employee can see the last four digits of your card number. you're being ridiculous. if it's that bad to you i can't imagine you use anything other than cash everywhere you go.
 
Not necessarily. They could easily just be logging how many cache hits/misses there are for people checking account details, which they would have had to be logging to determine their cache expiration time anyway (unless they just picked a random time that seemed good). That wouldn't require any user-specific information

I don't think that would give you the correct upper bound. Cache misses were treated as cache hits and the wrong account accessed. Are you saying there were only 34K cache misses? That seems incredibly low, unless it's affecting only a subset of their network.
 

samn

Member
not excusing valve but quite literally every retail store employee can see the last four digits of your card number. you're being ridiculous. if it's that bad to you i can't imagine you use anything other than cash everywhere you go.

a store employee can't see my address or link my real identity to my online persona
 
I don't think that would give you the correct upper bound. Cache misses were treated as cache hits and the wrong account accessed. Are you saying there were only 34K cache misses? That seems incredibly low, unless it's affecting only a subset of their network.

Yeah, it does, but I guess it isn't unfeasible? Let's say...

10.5m concurrent logged in users
Some fraction of that are actively using the application, and not in-game, during the period
Some fraction of that are in Payment section of the purchase flow
Some fraction of that had cache misses that were accurately detected for that user, and had their newly input info cached

I think I got that right. I mean, it's a stretch, but *shrugs*
 

xJavonta

Banned
a store employee can't see my address or link my real identity to my online persona
lol

I've seen countless email addresses, real life addresses and first/last names. I even see *gasp* the last four digits of social security numbers. I'm just a retail employee and I come across these things more than 20 times a day. valve isn't handling this well, but if you guys think this info isn't something tons of people have seen already I don't know what to tell you.
 

injurai

Banned
All I wanted to hear.

Thank you Steam.

I will buy Half Life 3 again.

 
Good to hear them finally own up to it I guess. Like others, I believe they were in the wrong in how long it took them to respond, and honestly I didn't expect them to with how long it's been since it happened. Unfortunately it looks like the community pressured them into finally releasing a statement they might as well have had written up the day of the event, which doesn't make me too enthusiastic for the future. They've never been great at communication, and they never learn from their mistakes in that department, so hopefully they'll manage to learn from their mistake in this department and not let this happen again.

In other news, all three major games services managed to hold up pretty well this year, assuming Xbox Live and PSN were also DDoS'd. So that's good.
 
This idea that PR takes the holidays off is bizarre to me. Image disasters don't wait for business hours.

Everybody was on vacation. You don't need the top execs. You need the guys that understand the system. If they are like me, they don't answer their phone on Christmas day.

At any large, competently-run service company they (or rather, a subset of them) aren't like you because there's a portion of the staff paid specifically to be on call for things like a major system problem on Christmas.

I don't think that would give you the correct upper bound. Cache misses were treated as cache hits and the wrong account accessed. Are you saying there were only 34K cache misses? That seems incredibly low, unless it's affecting only a subset of their network.

34,000 is around 5-10 a second for the period of the problem, so I'd guess there's some double digit number of servers affected, each of which cached a specific user's info for X seconds before clearing it out for someone else.
 

samn

Member
lol

I've seen countless email addresses, real life addresses and first/last names. I even see *gasp* the last four digits of social security numbers. I'm just a retail employee and I come across these things more than 20 times a day. valve isn't handling this well, but if you guys think this info isn't something tons of people have seen already I don't know what to tell you.

I don't give all that information to retail stores, and I live in the UK where we don't have social security numbers. If a store leaked information to random members of the public they would be investigated by the information commissioner and fined.

Secondly, none of that information in the possession of a store employee would link an online persona to an IRL identity.
 
I'm not sure how they can know the actual number unless that's 100% of the users active during the issue. Unless they are actually logging details of every access which sounds like a privacy/safety issue to me.

Not really to the bolded, it's easy to see which user used a session during a specific timeframe on a webserver as long as you get logs. If they know that a pathway was defective, all they had to do was to look at the logs and count.
 
Next time, I hope they are speedier and give us a general statement directly instead of relaying to gaming outlets.

"we're working on this issue and will provide an update as soon as possible. Our apologies" or some sort of acknowledgment would be great.
 

LoveCake

Member
2000% increase in attacks, that is some increase.

At least they have come out & said something, I know people want to know sooner but for something like this it will take time to gather the facts, but anyone should be able to get some sort of idea within a few days to a week.
 

Yazzees

Member
Good on them for finally saying something but their habit of being incredibly obtuse until the internet reaches a critical mass of pitchforking continues to sour my opinion of them.
 
At any large, competently-run service company they (or rather, a subset of them) aren't like you because there's a portion of the staff paid specifically to be on call for things like a major system problem on Christmas.

Not PR people usually. There are support staffers and someone who's in charge if someone higher up for serious escalation cases where someone higher up needs to be notified.
 

B.O.O.M

Member
The mental gymnastics some are going through to defend the inadequacy of Valve in handling this situation + attempts to downplay is sad and hilarious at the same time. I mean store employees? But it was Xmas? Really now?
 
They seemed to skimp over the fact that you could see the last FOUR digits of someone's credit card if the last page was reachable. That's an important fact that hopefully I just missed in their apology.
 

Ikuu

Had his dog run over by Blizzard's CEO
They seemed to skimp over the fact that you could see the last FOUR digits of someone's credit card if the last page was reachable. That's an important fact that hopefully I just missed in their apology.

Well they said:

"The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number"
 
Well they said:

"The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number"

That's sorta my point. It's important to notify your consumers that it was possible that the last four digits were seen. Seems like they were just sweeping that part aside because it's a far bigger issue than just two.
 
That's sorta my point. It's important to notify your consumers that it was possible that the last four digits were seen. Seems like they were just sweeping that part aside because it's a far bigger issue than just two.

Seems to have gotten the same bit of attention...I'm not sure what you mean
 
Seems to have gotten the same bit of attention...I'm not sure what you mean

The last two digits of your credit card aren't much of anything. The last four digits of your credit card alongside all that information very well can be with some social engineering.

In Valve's statement, they mention that, including the other stuff, it's possible that the last two digits were viewable. It'd be far more important to let your consumers know that either both were visible, or take priority and tell them that the last four were.

One of those presents a far bigger issue than the other, so it just looks like clever wordplay instead of being upfront with Steam users.

It's not like Valve doesn't know this, but people who don't frequent game forums or game websites have no clue.
 

Zzoram

Member
Sounds like they waited until they figured out the root cause before putting out a statement. It was probably slower than usual due to being a holiday long weekend.
 

Htown

STOP SHITTING ON MY MOTHER'S HEADSTONE
To be honest, I think people would have been willing to give them 5 days (irrespective of what the professionally appropriate timeframe was) if their initial response wasn't so tone-deaf.

this is where I'm at

their eventual explanation and apology today was fine

It's the lack of "hey, we know something is fucked, here's what we know so far, try to do and not do this this and this, etc." while the situation was ongoing that was the problem.

It's also concerning that the first response was a sentence or two to Kotaku, and not anything aimed directly at Steam users coming from any sort of official communication channel with Valve's name on it.
 
It's nice to see a statement that lays down the details. A quick "response" that some here would've demanded would affect the entire message of "how" it happened, resulting in another misguided mob style mentality.
 

boosh5

Banned
Good. They apologized and now I can finally sleep and get on with my life... But you know, they did take slightly longer than I deem acceptable, so I feel like I should continue to be angry over this. This is the internet after all.
 
Not PR people usually.

It's so weird to me that people keep saying this. Crisis management is a key part of a PR team's mandate. They might not have an on-call schedule the way a tech person does, but the senior staffers will be available at off-hours the same way that other senior leadership are.

The issue at Valve isn't that PR people take vacations, it's that no one at Valve has a job description or any responsibilities so nobody does anything annoying or difficult if they don't have to.
 

Trago

Member
Good, now go give the PR department a swift kick in the ass.

This mess has definitely put a nasty stain on their image.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
Kudos on the quick response.

Nailed it. A faster response of "we're on it, we'll get back to you with the details" would've been better. But at least they said something five days after the fact. :/
 
Good. They apologized and now I can finally sleep and get on with my life... But you know, they did take slightly longer than I deem acceptable, so I feel like I should continue to be angry over this. This is the internet after all.

If you are going to run defense for Steam, at least be brave enough to say it out loud instead of being passive aggressive. Doesn't validate what you are saying in any format, but it looks better than just taking a generalized swipe without much base.
 

Aselith

Member
More people than I was expecting.


Really shitty response, they aren't even offering ID theft protection to these people?
 

fallout

Member
The issue at Valve isn't that PR people take vacations, it's that no one at Valve has a job description or any responsibilities so nobody does anything annoying or difficult if they don't have to.
How much of this is supposition on your part? It's not like Valve, but I work in software development with a relatively flat structure and people take care of the annoying and difficult stuff because we take pride in doing good work and because it has to get done.

Like, nobody tells me to take care of this annoying deployment configuration thing, but it's on the board (because it was identified as something that needed to happen for things to go smoothly), so I do it. If I (or someone else) didn't, then it causes all sorts of issues, resulting in us feeling shitty about the quality of our work. Why would we knowingly put ourselves in that position?

I guess I just have a hard time imagining people in a similar environment being so flippant about their own work.
 
How much of this is supposition on your part?

Not really any? Beyond the employee handbook we've had multiple first-hand reports of how things work inside the company, including the lack of customer-oriented employees, the lack of commitment to projects, and the inability to get anything actually approved or shipped.

I mean, I don't think people are shying away from challenges that are actually in their wheelhouse (tough technical issues or whatever) but typically even at a flat-structure company people get hired with specific, concrete responsibilities. Valve's refusal to do that means areas far outside the technical realm (customer service, public relations, etc.) don't have anyone dedicated and skilled handling them.
 

wildfire

Banned
I'm glad Valve didn't sweep this under the rug. Based on their assessment I wasn't directly affected because I didn't log in Christmas day, let alone visit anything besides my library page over the weekend, but I hope everyone affected is contacted.
 

The Light

Member
Why haven't they sent this statement to their customers through email? Even if some customers haven't logged into Steam in a while they should also be informed so they can decide whether or not they trust Valve to keep their private information safe.

This is the first time I have never been informed through email about a potential leak of private information from a company.
 

Haunted

Member
I was logged in during that timeframe, but I can't tell if I was accessing internal pages and exposed them. Fingers crossed I don't get an email from Valve.
 
Not really any? Beyond the employee handbook we've had multiple first-hand reports of how things work inside the company, including the lack of customer-oriented employees, the lack of commitment to projects, and the inability to get anything actually approved or shipped.

I mean, I don't think people are shying away from challenges that are actually in their wheelhouse (tough technical issues or whatever) but typically even at a flat-structure company people get hired with specific, concrete responsibilities. Valve's refusal to do that means areas far outside the technical realm (customer service, public relations, etc.) don't have anyone dedicated and skilled handling them.
Well I do have to say that Doug is pretty good at Press PR stuff, every time I send him an email I get a fairly quick response on my questions.
But the rest I 100% agree with you: even smaller indies have community managers, and that a company with billions and 100+ million users does not even have 1 is pretty crazy.
 