Steam, the online game store, delivered users anything but a Merry Christmas when last minute shoppers found themselves getting directed to other users’ accounts, giving them access to other people’s personal information such email addresses, credit card information and home addresses. Gaming community websites were abuzz with frustrated users and Valve, Steam’s creator, did little to assure users they were getting the malfunction under control.
The service was back to normal late in the day, but as of Saturday evening, many users were not satisfied the matter was handled properly and worried that many peoples’ personal information was compromised.
As of 7:45 p.m. Eastern Standard Time Saturday, there was nothing about the problem on Steam’s website, nor of Valve.
Users Find Themselves On Strange Pages
Some Steam users were landing on foreign language landing pages, according to Forbes and other news websites. Others found themselves only able to log into a limited number of accounts when they tried to sign in, refresh the page or navigate to a different page. Users were trying to log into their accounts to delete personal information to protect themselves.
At 12:50 p.m. on Christmas day, Steam Database, a user website, encouraged users not to use the Steam website.
Many users wondered why Steam had not taken the store offline. Many were frightened by seeing other users’ personal information.
Steam Database reminded users it was not affiliated with Steam. It noted it had not heard from Valve in an official capacity.
Steam Database said it suspected a caching misconfiguration caused Steam to incorrectly send users to cached pages that it intended for a single user. It noted that users’ private information was at risk.
Steam Database said the problem was not a DDoS attack or a hack. It was rather a misconfiguration in a Valve caching layer.
The user website urged users not to store billing information on the Steam store. It said Valve has repeatedly proven it is unable to maintain security standards at a high level.
At 4:32 p.m., Valve shut down the Steam store and community sites, Forbes reported.
At 4:51 p.m. SkidNP, a hacking group, launched a DDoS attack against Steam, as they promised they would do over Christmas, Forbes reported. But it was not clear if that attack was responsible for the earlier reported problems users were having.
Troy Hunt, a security expert, told Forbes the two attacks could be related. There have been other cases where environments under heavy load suffered management problems and assigned identities to the wrong person, Hunt said. He said it would be “enormously coincidental” for both issues to occur simultaneously and not be related.
6:05 P.M.: Kotaku Reports Progress
At 6:05 p.m., Kotaku.com, a game site, said Steam was allowing users to log in, and the user information was correct, although Steam provided no official word on Valve.
Later in the day, Valve sent statements to Kotaku.com and Gamespot.com, another gaming website.
At 8:25 p.m., Kotaku reported that Steam was restored to normal.
Gamespot at 9:36 p.m. reported that as a result of a configuration change early in the day, Valve said a caching issue caused some users to randomly see pages created for other users for less than an hour, but the issue was resolved. Valve said it does not believe any unauthorized actions occurred on accounts other than the viewing of cached page information.
Forbes said the exposed information was serious, and Valve was trying to understate the seriousness. Forbes noted there was not anything said about it on their official Twitter channels.
Steam’s Twitter support hasn’t mentioned the problem.
Forbes: Timing Suspicious
The timing of the attack was suspicious in light of attacks on PSN and Xob Live on Christmas, Forbes noted.
Writing on Gamespot, videogame writer Chris Pereira said it was unclear what happened. He said users were allowed to see Steam Wallet money, purchase history and other persons’ email addresses. Two tools for protecting one’s Steam account, Steam Guard and Steam Mobile Authenticator, appeared to be ineffectual for preventing these mishaps.
Pereira said there was no evidence hackers were causing the problem.
Featured image from Shutterstock.
San Bernadino iPhone Case: Major Press Agencies Are Suing the FBI
The Associated Press, Gannett, and VICE Media are suing the FBI to know more details about the agency’s hack of the San Bernadino killer’s iPhone.
Toward Unbreakable Quantum Encryption for Everyone
Hacked recently covered the efforts of the Chinese government to build unbreakable quantum communication networks. According to analysts, quantum communications networks are so expensive that they could have a “recentralizing effect,” enabling states to recover the ground that they have lost to decentralizing digital technologies. But what if ultra-secure quantum cryptography could be made available to everyone at low cost?
The Chinese Quantum Satellite QUESS: Toward Unbreakable Quantum Networks
One year ago Hacked covered the race between the US and China to develop “military super-powers” by harnessing quantum science, and noted that Chinese scientists were developing quantum communication satellites that support unbreakable encryption. A few weeks ago, China launched its first quantum satellite.
- Daily Analysis: Stocks Turn Lower as Kiwi Collapses after Coalition Agreement October 19, 2017
- Technical Analysis: Coins Recover from Sell-Off as Bulls Remain in Control October 19, 2017
- Trade Recommendation: Zcash October 19, 2017
- Trade Recommendation: Litecoin October 19, 2017
- Ethereum Alliance Gets Another Member in Russia’s Largest Bank October 19, 2017
- Tortoise & Hare Investing October 19, 2017
- Asian Market Update – Thursday: Asian stocks mixed on China GDP, Japan trade data October 19, 2017
- Bitcoin Returns to Health After Flash Crash October 19, 2017
- ICO Analysis: Datum October 19, 2017
- Kazakhstan Is About to See Its First Cryptocurrency Backed by Fiat Money October 19, 2017
A part of CCN
Analysis1 week ago
Analysis: Bitcoin Price at $5200, How Much is There Left in the Tank?
Analysis6 days ago
Technical Analysis: Ethereum, Monero, and Litecoin Jump as Bitcoin Goes Parabolic
Analysis4 days ago
5 Things to Watch Next Week: Byzantium, Bitcoin Stretched, Gold’s Strength, The Next Fed Chair, Kirkuk and Crude Oil
Cryptocurrencies1 week ago
Trade Recommendation: Monero
ICO5 days ago
ICO Analysis: UTRUST
ICO1 week ago
ICO Analysis: Request Network
Analysis1 week ago
Technical Analysis: Litecoin Follows Bitcoin Higher as Market Tops $165 billion
Cryptocurrencies4 days ago
Trade Recommendation: Stellar