Valve Finally Issues A Statement On Cache Leak Issues During Holidays

Valve explains exactly what happened.

Posted By | On 02nd, Jan. 2016

steam

Last week the Steam store was struck by a potentially debilitating flaw- a cache overload that displayed other users’ account information to users, leaking information such as the users’ billing address, the last four digits of their credit card numbers, their Steam wallet amount, their email ID, and the last few digits of their phone number on record.

So far, Valve has remained silent on this issue, and many had expected that the famously reticent company would forego an official statement this time around too. However, they have posted a lengthy statement on the Steam forums, explaining exactly what happened, and apologizing for their oversight.

Here is a summary of what happened and how Valve fixed it.

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

The Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. 

In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.

Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. 

We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.

Well, good on them for coming clean. I only hope that they reach out to those who were affected, and work with them to secure their information and data.


Tagged With: , ,

Amazing Articles You Might Want To Check Out!

Share Your Thoughts Below  (Always follow our comments policy!)



Keep On Reading!

Frostpunk 2 Post-Launch Roadmap Promises Three Expansions, Free Content Updates, and More

Frostpunk 2 Post-Launch Roadmap Promises Three Expansions, Free Content Updates, and More

2025 will see the launch of two Frostpunk expansions, a major free content update, and console ports, 11 bit s...

Baldur’s Gate 3 is Adding Cross-Play, 12 New Subclasses in 2025

Baldur’s Gate 3 is Adding Cross-Play, 12 New Subclasses in 2025

Each class will receive a brand new subclass when Patch 8 lands next year, including the Swashbuckler, Hexblad...

Aliens: Dark Descent is Now Available Via Game Pass

Aliens: Dark Descent is Now Available Via Game Pass

Tindalos Interactive and Focus Entertainment's real-time tactics title is available with PS Plus in December, ...

It Takes Two, Aliens: Dark Descent, and Temtem Coming to PS Plus Essential in December

It Takes Two, Aliens: Dark Descent, and Temtem Coming to PS Plus Essential in December

Premium subscribers can look forward to Sly 2: Band of Thieves, Sly 3: Honor Among Thieves, and Jak and Daxter...

15 BEST Linear Games of All Time [2024 Edition]

15 BEST Linear Games of All Time [2024 Edition]

Some linear games are faulty, but there is no denying that there is a certain charm in this genre of video gam...

15 Story-Heavy Games of 2024 and Beyond

15 Story-Heavy Games of 2024 and Beyond

Nothing makes single player amazing better than a really good story. This feature lists fifteen already releas...