Remember the day you were sitting by your cozy chair in front of your PC waiting for your Steam account to open up, and suddenly the screen lights up to a log-in of an unknown identity. Yes, the Steam security error which exposed accounts of many individuals on the Christmas Day, Valve has finally issued a statement on the problems.
The statement reads, “A configuration error resulted in some users seeing Steam store pages generated for other users.
The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.”
The issues, Valve says was caused by a denial-of-service attack that increased traffic to the Steam store by 2000 per cent which is more than average during Steam sales. Valve enabled caching rules “managed by a Steam web caching partner” to decrease the impact of the attack and “route legitimate user traffic.” In the second wave of the attack, “a second caching configuration was deployed that incorrectly cached web traffic for authenticated users.”
Reported earlier, some users on Steam store saw wrong language as they logged in, or came upon some another user’s private information. Valve says, the time frame was for the error was very small from 11:50 PST to 13:20 PST (1:20 IST to 2:50 IST), and things were resolved quickly. 34,000 people were exposed to others, but no information was severely affected with none of the full credit card numbers, any user passwords, or enough data to allow logging in as or completing a transaction as another user could be used.
The Steam Store shutdown was an intentional act that Valve took once it became clear what was going on. The downtime gave the Steam gatekeeper and its web caching partner time to address the error and make sure it wouldn’t be repeated.
But your information could be safe, if you did not access your Steam account during that timeframe. But if you did buy something, then chances are that your billing address, purchase history, or email address could have been exposed. Also, apart from this information, the last two digits of your credit card or the last four numbers of your Steam Guard phone number too have been out in the open.
The company assures the community that it’s working to identify users whose information has been compromised, and that it’s improving the way it sets caching rules in the future.