Earlier this morning (Australian time) a user on NeoGaf “Quirah” and a user on reddit “HalfBurntToast” both noticed that Steam was wrongfully showing them other users’ personal information such as payment information, mobile number, email address, etc (all information the users were noted were blurred or covered).
Not only were you able to see other people’s personal information, but you were also logged in as someone entirely different. As to the official reasoning behind this security issue, Steam is still investigating… hopefully not for much longer.
A Steam Community Moderator, KillahInstinct, took to the Steam forums to quickly address the issue stating the following information.
“Account information incorrect
We’ve gotten reports that people sometimes see other people’s account information on the account page. Valve has been made aware of this and are working on a fix.
Some frequently asked questions:
– No, Steam is not hacked
– Creditcard info and phone numbers are, as required by law, censored and not visible to users.”
KillahInstinct also commented on NeoGaf about the issue, “I’ve alerted a few people (read; everyone)! /Edit: They are working on it as we speak”.
Grief.exe on Neogaf stated what Valve currently knows about the problem.
“Most likely an error in the way Steam caches pages. People are able to access random Steam profiles and see compromising information, account names, emails, last 2 digits of credit card, paypal email address, purchases, etc. Full addresses and phone numbers were able to be accessed (link to covered image). No changes can be made to the effected account, no purchases can be made. Any evidence to the contrary is, as of yet, unsubstantiated. It’s been advised to not access Steam URLs, including the client, until we have more information. Reminder: Steamdb is not affiliated with Valve in any way.”
That last point is quite integral to the discussion because although they use the “Steam” name, the information they provide isn’t at all verified. Please remember, if your account is showing these symptoms DO NOT POST OTHER PEOPLES PERSONAL INFORMATION ONLINE FOR ANY REASON.
As this is a developing story we will continue to keep you updated.
Valve released an official statement in relation to the Steam Security issue that occurred on the 25th of December.
Notably nothing within this update even remotely leads into a formal apology, even if the last line states “We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service”. I understand it will take some time to rectify the problem, that still doesn’t mean that users who use the Steam client should constantly be worried about their personal information being leaked from what appeared to be a trusted application. Yes we can’t always assume that a given service will always be protected but for something like this to show certain identifiable information to anyone who views the account page at that time… that’s just dreadful. Too not only add the soulless apology at the end as an after thought. Completely unacceptable in my eyes, at least nobody was able to use my account to purchase anything so there’s a plus out of all this.
Source: Steam news