Valve Finally Issues A Statement On Cache Leak Issues During Holidays

Valve explains exactly what happened.

Posted By | On 02nd, Jan. 2016

steam

Last week the Steam store was struck by a potentially debilitating flaw- a cache overload that displayed other users’ account information to users, leaking information such as the users’ billing address, the last four digits of their credit card numbers, their Steam wallet amount, their email ID, and the last few digits of their phone number on record.

So far, Valve has remained silent on this issue, and many had expected that the famously reticent company would forego an official statement this time around too. However, they have posted a lengthy statement on the Steam forums, explaining exactly what happened, and apologizing for their oversight.

Here is a summary of what happened and how Valve fixed it.

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

The Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. 

In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.

Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. 

We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.

Well, good on them for coming clean. I only hope that they reach out to those who were affected, and work with them to secure their information and data.


Tagged With: , ,

Amazing Articles You Might Want To Check Out!



Share Your Thoughts Below  (Always follow our comments policy!)



Keep On Reading!

Lost Judgment Footage Shows Playable Master System

Lost Judgment Footage Shows Playable Master System

This is the first time a classic console will be playable in either the Yakuza or Judgment series. Sega's arca...

Outriders’ Game Pass Launch Has Paid Off, According to Square Enix

Outriders’ Game Pass Launch Has Paid Off, According to Square Enix

The news comes from Square Enix president Yosuke Matsuda, who made the comments during the company’s full ye...

What Does the Starfield Teaser Tell us About the Game?

What Does the Starfield Teaser Tell us About the Game?

We recently got to see an in-engine trailer of Bethesda's Starfield, but what does that brief teaser actually ...

Should We be Concerned That Halo Infinite Still Doesn’t Have a Release Date?

Should We be Concerned That Halo Infinite Still Doesn’t Have a Release Date?

Following Halo Infinite's E3 2021 showing, we still don't have a specific launch date for the game- is that ca...

Demon’s Souls PS4 Database Entry is Over 4 Years Old – Report

Demon’s Souls PS4 Database Entry is Over 4 Years Old – Report

Modder Lance McDonald believes that the recently discovered entry is instead a PlayStation Now entry for the P...

Hood: Outlaws and Legends – Mountain Map is Now Live, Co-op PvE Mode Inbound

Hood: Outlaws and Legends – Mountain Map is Now Live, Co-op PvE Mode Inbound

The new map is free as part of Season 0. Additional gameplay features and improvements are coming while the ne...