Jump to content

Recommended Posts

Posted

Some Steam users' personal information was exposed for a period of time on December 25. Following a brief statement released a few hours after the problem cropped up, Valve today offered a more in-depth explanation of what happened.

2985223-steam.jpg

"About" 34,000 Steam users' information may have been accidentally shown to other users due to a "configuration error," Valve explains in today's statement. Only users who visited a page on the Steam store containing their personal information during this period--11:50 AM PST to 1:20 PM on Christmas--could have had it exposed to other users.
 
That's a small reassurance, but Valve says it's attempting to identify those whose information may have been seen. Once it's done so, it'll be contacting those users. In the meantime, as it said on Christmas, there's no need to actually perform any actions, as the only thing someone would have been able to do is see other people's cached page information. (That said, it's probably wise to keep an eye on your credit card statements and credit report anyway.)
 
As for how this happened in the first place, Valve says a denial-of-service attack targeted Steam in the early morning hours of Christmas. This in and of itself is not unusual, but it was the response that then caused the problems to occur.
 
"[C]aching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic," Valve explains. "During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user."
 
Once it was discovered this was happening, the Steam store, as we already know, was taken offline for a period of time. Valve says it "remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged."
 
The company goes on to say it's working to ensure this kind of thing doesn't happen again in the future and apologizes to affected users: "We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service."
 
Valve was criticized last week for what was perceived as a slow response, both in terms of a fix and an official statement. The latter ended up being sent to the media, including GameSpot, but until today there had been no official statement on Steam itself informing users that anything had happened.
 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.