Valve Finally Issues A Statement On Cache Leak Issues During Holidays

Valve explains exactly what happened.

Posted By | On 02nd, Jan. 2016

steam

Last week the Steam store was struck by a potentially debilitating flaw- a cache overload that displayed other users’ account information to users, leaking information such as the users’ billing address, the last four digits of their credit card numbers, their Steam wallet amount, their email ID, and the last few digits of their phone number on record.

So far, Valve has remained silent on this issue, and many had expected that the famously reticent company would forego an official statement this time around too. However, they have posted a lengthy statement on the Steam forums, explaining exactly what happened, and apologizing for their oversight.

Here is a summary of what happened and how Valve fixed it.

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

The Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. 

In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.

Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. 

We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.

Well, good on them for coming clean. I only hope that they reach out to those who were affected, and work with them to secure their information and data.


Tagged With: , ,

Amazing Articles You Might Want To Check Out!

Share Your Thoughts Below  (Always follow our comments policy!)



Keep On Reading!

Warcraft 3: Reforged Update 2.0 Brings Overhauled Visuals, Revamped UI, and More

Warcraft 3: Reforged Update 2.0 Brings Overhauled Visuals, Revamped UI, and More

The remaster now also allows players to swap between its multiple visual styles, which includes a new remaster...

Mortal Kombat 1 Trailer Showcases Brutal Ghostface Gameplay

Mortal Kombat 1 Trailer Showcases Brutal Ghostface Gameplay

Scream's Ghostface will join Mortal Kombat 1's roster of characters as guest DLC fighter later this month, on ...

Warcraft: Remastered and Warcraft 2: Remastered Announced, Out Now on PC

Warcraft: Remastered and Warcraft 2: Remastered Announced, Out Now on PC

Both remasters are available for $9.99 on Battle.net and include wide-screen support, updated artwork, and qua...

GTA 5, Dying Light 2, and Like a Dragon: Ishin! Lead PS Plus Game Catalog Lineup for November

GTA 5, Dying Light 2, and Like a Dragon: Ishin! Lead PS Plus Game Catalog Lineup for November

PlayStation Plus Premium subscribers will also get access to Resistance: Fall of Man, Resistance 2, Blood Omen...

All First-Party Xbox Games Could Potentially Come to PlayStation and Nintendo Platforms, Xbox Boss Suggests

All First-Party Xbox Games Could Potentially Come to PlayStation and Nintendo Platforms, Xbox Boss Suggests

“I do not see sort of red lines in our portfolio that say ‘thou must not,'" says Microsoft Gaming CEO Phil...

Xbox is Still Eyeing More Acquisitions, Phil Spencer Says

Xbox is Still Eyeing More Acquisitions, Phil Spencer Says

"When we can find teams and technology and capability that add to what we’re trying to do in gaming at Micro...