Valve Explains Christmas Day Problems on Steam
While Christmas is a time for celebration for most, there are often things that go wrong on it for some. In the case of Valve, Steam suffered a number of issues on this past Christmas that caused many of its users to scratch their heads. From seeing Steam in a different language, to not seeing their own account, but rather another user, it was all very concerning.
Valve has released a statement on what happened, as well as going into detail about how it happened. They state on their Steam page:
“On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.
The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.”
They went on to detail the attack itself:
“Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. During the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale.”
Valve maintains though that although the attack was effective, the servers have been purged, and they’re going to work hard to ensure it does not continue to ensure it doesn’t continue to plague users:
“We will continue to work with our web caching partner to identify affected users and to improve the process used to set caching rules going forward. We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.”