Connect with us

Communication

Gamers’ Woe: Steam Suffers Mishap on Christmas to Expose User Information

Published

on

Steam, the online game store, delivered users anything but a Merry Christmas when last minute shoppers found themselves getting directed to other users’ accounts, giving them access to other people’s personal information such email addresses, credit card information and home addresses. Gaming community websites were abuzz with frustrated users and Valve, Steam’s creator, did little to assure users they were getting the malfunction under control.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The service was back to normal late in the day, but as of Saturday evening, many users were not satisfied the matter was handled properly and worried that many peoples’ personal information was compromised.

As of 7:45 p.m. Eastern Standard Time Saturday, there was nothing about the problem on Steam’s website, nor of Valve.

Users Find Themselves On Strange Pages

Some Steam users were landing on foreign language landing pages, according to Forbes and other news websites. Others found themselves only able to log into a limited number of accounts when they tried to sign in, refresh the page or navigate to a different page. Users were trying to log into their accounts to delete personal information to protect themselves.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

At 12:50 p.m. on Christmas day, Steam Database, a user website, encouraged users not to use the Steam website.

Many users wondered why Steam had not taken the store offline. Many were frightened by seeing other users’ personal information.

Steam Database reminded users it was not affiliated with Steam. It noted it had not heard from Valve in an official capacity.

Misconfigurations Suspected

Steam Database said it suspected a caching misconfiguration caused Steam to incorrectly send users to cached pages that it intended for a single user. It noted that users’ private information was at risk.

Steam Database said the problem was not a DDoS attack or a hack. It was rather a misconfiguration in a Valve caching layer.

The user website urged users not to store billing information on the Steam store. It said Valve has repeatedly proven it is unable to maintain security standards at a high level.

At 4:32 p.m., Valve shut down the Steam store and community sites, Forbes reported.

At 4:51 p.m. SkidNP, a hacking group, launched a DDoS attack against Steam, as they promised they would do over Christmas, Forbes reported. But it was not clear if that attack was responsible for the earlier reported problems users were having.

Troy Hunt, a security expert, told Forbes the two attacks could be related. There have been other cases where environments under heavy load suffered management problems and assigned identities to the wrong person, Hunt said. He said it would be “enormously coincidental” for both issues to occur simultaneously and not be related.

6:05 P.M.: Kotaku Reports Progress

At 6:05 p.m., Kotaku.com, a game site, said Steam was allowing users to log in, and the user information was correct, although Steam provided no official word on Valve.

Later in the day, Valve sent statements to Kotaku.com and Gamespot.com, another gaming website.

At 8:25 p.m., Kotaku reported that Steam was restored to normal.

Gamespot at 9:36 p.m. reported that as a result of a configuration change early in the day, Valve said a caching issue caused some users to randomly see pages created for other users for less than an hour, but the issue was resolved. Valve said it does not believe any unauthorized actions occurred on accounts other than the viewing of cached page information.

Forbes said the exposed information was serious, and Valve was trying to understate the seriousness. Forbes noted there was not anything said about it on their official Twitter channels.

Steam’s Twitter support hasn’t mentioned the problem.

Forbes: Timing Suspicious

The timing of the attack was suspicious in light of attacks on PSN and Xob Live on Christmas, Forbes noted.

Writing on Gamespot, videogame writer Chris Pereira said it was unclear what happened. He said users were allowed to see Steam Wallet money, purchase history and other persons’ email addresses. Two tools for protecting one’s Steam account, Steam Guard and Steam Mobile Authenticator, appeared to be ineffectual for preventing these mishaps.

Pereira said there was no evidence hackers were causing the problem.

Steam was hacked as recently as July. Gamers reported losing their accounts. The Steam community was down for a while and Steam did not comment about the incident at the time.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

1 Comment

1 Comment

  1. Resist 44

    December 27, 2015 at 6:30 am

    Should’ve bought a Wii U

You must be logged in to post a comment Login

Leave a Reply

Communication

San Bernadino iPhone Case: Major Press Agencies Are Suing the FBI

Published

on

The Associated Press, Gannett, and VICE Media are suing the FBI to know more details about the agency’s hack of the San Bernadino killer’s iPhone.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

(more…)

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Communication

Toward Unbreakable Quantum Encryption for Everyone

Published

on

Hacked recently covered the efforts of the Chinese government to build unbreakable quantum communication networks. According to analysts, quantum communications networks are so expensive that they could have a “recentralizing effect,” enabling states to recover the ground that they have lost to decentralizing digital technologies. But what if ultra-secure quantum cryptography could be made available to everyone at low cost?

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

(more…)

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Communication

The Chinese Quantum Satellite QUESS: Toward Unbreakable Quantum Networks

Published

on

One year ago Hacked covered the race between the US and China to develop “military super-powers” by harnessing quantum science, and noted that Chinese scientists were developing quantum communication satellites that support unbreakable encryption. A few weeks ago, China launched its first quantum satellite.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

(more…)

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Trending