Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[miauw62]

I do not know what the fuck is going on, but serious shit is going down.


r/steam thread.
You can log into random strangers' accounts. Keep a VERY close eye on your credit/debit cards, don't visit the store pages NO MATTER WHAT, don't log in anywhere, etc.


As I said, I don't know shit, just throwing this out there as a warning to people who might not know.

[Metalax]

General consensus is that it isn't a deliberate attack, but rather a problem with the cacheing server after the downtime an hour or so ago. The server is being too aggressive in caching pages so it's serving those it shouldn't.

Spoiler: censored example of whats going wrong (click to show/hide)

Actual card details should not be accessible other than the last 4 digits, however billing addresses may well be visible.

The steam Community servers got taken down 20 mins ago, but the main store pages are still live appear to have just gone down.

[raptorfangamer]

paranoia made me lock my acc, definitive ptw.

[Knave]

Aye, thanks for the info. Hopefully no one loses anything of value!

[Shadowlord]

I wonder if Valve has the ability to effectively do a rollback of their database to before this started.

[BigD145]

A good reason to not store payment info.

[Cthulhu]

Payment info isn't accessible.  You're randomly seeing cached page info for other players' accounts.  Trying to buy something or change credit card info or anything like that will just 404 you.

The store's down now but the only thing you really need to do is not visit store or community on your account.  If you're not in the cache nobody can see your shit.

Change your password on your email if it's listed there.

[Uristides]

Payment info isn't accessible.  You're randomly seeing cached page info for other players' accounts.  Trying to buy something or change credit card info or anything like that will just 404 you.

The store's down now but the only thing you really need to do is not visit store or community on your account.  If you're not in the cache nobody can see your shit.

Change your password on your email if it's listed there.

So you can see other people's wishlists but not add nekopara and hunybop to them? That's both relieving, and slightly disappointing.

[Catastrophic lolcats]

I just woke up my the annual christmas bender and been trying to paste together what happened. It seems like it was not a deliberate attack, more like a dodgy update that was probably automated. Looks like it's caching information that it shouldn't be.

Steam has pulled the plug now on the store and community so there shouldn't be any further problems until they fix it. Playing your games should be completely fine.
EDIT: seems like the site is back up.

[Nighthawk]

Still can't seem to log in, though. It appears to redirect to the home page without actually logging in.

[Yourmaster]

And this is why I don't put my credit card online. Ever.

[Metalax]

The situation now appears to have been resolved, and Steam should be fully back up.

Steam community mod post on the issue.

Confirmation that it wasn't a hack and card numbers and phone numbers were not exposed.

edit: Just as a follow up, this is a list of all the information potentially compromised.

Account page:

    Your log-in ID
    Your log-in email address
    Your country
    The last 4 digits of your phone number if you linked one
    The type of authentication you were using for Steam Guard
    Your wallet balance

Account page payment info:

    The type and last 2 digits of your credit card info, if you saved it
    Your full billing address and phone number, if you clicked on edit
    Your PayPal email address, if you saved it

Purchase history page:

    Your transaction history, including gifts you sent to other people
    The last two digits of any credit card that you have paid with, even if you did not save it

License page:

    The games you activated and the type and date of activation

[etgfrog]

Hm...steam is pretty much cant be accessed, now considering the swarm of unique ids that were going to the steam page, I can only guess it was a bunch of bots trying to gather as much data as possible. So now it is either a ddos attack in retaliation for the security breach or a mass hijack of account attempt. Then again...the stupid factor is still a possibility, valve removing all chaching from their websites.

[Ukrainian Ranger]

Your full billing address and phone number, if you clicked on edit
Your PayPal email address, if you saved it

*Facepalms*

[gimli]

And this is why I don't put my credit card online. Ever.

This is why you use a virtual CC [attached to your bank account]. My virtual CC is always on 0, I only transfer money to it when I buy stuff.