Players on Steam were briefly able to access other people's private information


Steam Winter Sale 2015

Christmas isn’t going to well for Valve and the Steam store. Earlier today, the Steam store was allowing players to access other people’s account, exposing information such as email addresses, credit card details, and purchase history. Valve has since shut down the Store while the issue is investigated and resolved. Here’s what Kotaku had to say about it:

Various players across the world logged into their Steam clients today to find that their homepage displaying Russian or another random language. When they checked the “account info” section of Steam, the digital store showed them another user’s account, complete with e-mail addresses, buying history, and other private information. Merry Christmas!

Interesting timing for this blunder as Steam is currently in the middle of their Winter sale. We’ll keep you posted once the issue is resolved. Valve is “working on it” and the breach of security has yet to be explained.
Update: Valve has explained that a caching issue was the culprit. “As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”