Steam Security Problems: Valve Investigates

<p>Earlier this morning &lpar;Australian time&rpar; a user on NeoGaf &&num;8220&semi;Quirah&&num;8221&semi; and a user on reddit &&num;8220&semi;HalfBurntToast&&num;8221&semi; both noticed that Steam was wrongfully showing them other users&&num;8217&semi; personal information such as payment information&comma; mobile number&comma; email address&comma; etc &lpar;all information the users were noted were blurred or covered&rpar;&period;<&sol;p>&NewLine;<p>Not only were you able to see other people&&num;8217&semi;s personal information&comma; but you were also logged in as someone entirely different&period; As to the official reasoning behind this security issue&comma; Steam is still investigating&&num;8230&semi; hopefully not for much longer&period;<&sol;p>&NewLine;<p>A Steam Community Moderator&comma; KillahInstinct&comma; took to the<a href&equals;"http&colon;&sol;&sol;steamcommunity&period;com&sol;discussions&sol;forum&sol;0&sol;458604254431478327&sol;" target&equals;"&lowbar;blank"> Steam forums<&sol;a> to quickly address the issue stating the following information&period;<&sol;p>&NewLine;<p><em><strong>&&num;8220&semi;Account information incorrect<&sol;strong><&sol;em><br &sol;>&NewLine;<em><strong>We&&num;8217&semi;ve gotten reports that people sometimes see other people&&num;8217&semi;s account information on the account page&period; Valve has been made aware of this and are working on a fix&period;<&sol;strong><&sol;em><&sol;p>&NewLine;<p><em><strong>Some frequently asked questions&colon;<&sol;strong><&sol;em><br &sol;>&NewLine;<em><strong>&&num;8211&semi; No&comma; Steam is not hacked<&sol;strong><&sol;em><&sol;p>&NewLine;<p><em><strong>&&num;8211&semi; Creditcard info and phone numbers are&comma; as required by law&comma; censored and not visible to users&period;&&num;8221&semi;<&sol;strong><&sol;em><&sol;p>&NewLine;<p>KillahInstinct also commented on <a href&equals;"https&colon;&sol;&sol;www&period;reddit&period;com&sol;r&sol;Steam&sol;comments&sol;3y7le9&sol;im&lowbar;logged&lowbar;in&lowbar;as&lowbar;someone&lowbar;random&lowbar;on&lowbar;steam&sol;" target&equals;"&lowbar;blank">NeoGaf<&sol;a> about the issue&comma; <em><strong>&&num;8220&semi;I&&num;8217&semi;ve alerted a few people &lpar;read&semi; everyone&rpar;&excl; &sol;Edit&colon; They are working on it as we speak&&num;8221&semi;&period;<&sol;strong><&sol;em><br &sol;>&NewLine;Grief&period;exe on <a href&equals;"http&colon;&sol;&sol;www&period;neogaf&period;com&sol;forum&sol;showthread&period;php&quest;p&equals;190425008&num;post190425008" target&equals;"&lowbar;blank">Neogaf<&sol;a> stated what Valve currently knows about the problem&period;<&sol;p>&NewLine;<p><em><strong>&&num;8220&semi;Most likely an error in the way Steam caches pages&period; People are able to access random Steam profiles and see compromising information&comma; account names&comma; emails&comma; last 2 digits of credit card&comma; paypal email address&comma; purchases&comma; etc&period; Full addresses and phone numbers were able to be accessed &lpar;<a href&equals;"https&colon;&sol;&sol;i&period;imgur&period;com&sol;SvwWJRG&period;png1" target&equals;"&lowbar;blank">link to covered image<&sol;a>&rpar;&period; No changes can be made to the effected account&comma; no purchases can be made&period; Any evidence to the contrary is&comma; as of yet&comma; unsubstantiated&period; It&&num;8217&semi;s been advised to not access Steam URLs&comma; including the client&comma; until we have more information&period; Reminder&colon; Steamdb is not affiliated with Valve in any way&period;&&num;8221&semi;<&sol;strong><&sol;em><&sol;p>&NewLine;<p>That last point is quite integral to the discussion because although they use the &&num;8220&semi;Steam&&num;8221&semi; name&comma; the information they provide isn&&num;8217&semi;t at all verified&period; Please remember&comma; if your account is showing these symptoms <em><strong>DO NOT POST OTHER PEOPLES PERSONAL INFORMATION ONLINE FOR ANY REASON<&sol;strong><&sol;em>&period;<&sol;p>&NewLine;<p>As this is a developing story we will continue to keep you updated&period;<&sol;p>&NewLine;<p>Sources&colon; <a href&equals;"https&colon;&sol;&sol;www&period;reddit&period;com&sol;r&sol;Games&sol;comments&sol;3y7maa&sol;something&lowbar;is&lowbar;really&lowbar;wrong&lowbar;with&lowbar;steam&lowbar;be&lowbar;careful&sol;" target&equals;"&lowbar;blank">HalfBurntToast NeoGaf<&sol;a>&comma; <a href&equals;"http&colon;&sol;&sol;www&period;neogaf&period;com&sol;forum&sol;showthread&period;php&quest;p&equals;190425008&num;post190425008" target&equals;"&lowbar;blank">Grief&period;exe NeoGaf<&sol;a>&comma; <a href&equals;"https&colon;&sol;&sol;www&period;reddit&period;com&sol;r&sol;Steam&sol;comments&sol;3y7le9&sol;im&lowbar;logged&lowbar;in&lowbar;as&lowbar;someone&lowbar;random&lowbar;on&lowbar;steam&sol;" target&equals;"&lowbar;blank">KillahInstinct Reddit<&sol;a>&comma; <a href&equals;"http&colon;&sol;&sol;steamcommunity&period;com&sol;discussions&sol;forum&sol;0&sol;458604254431478327&sol;" target&equals;"&lowbar;blank">KillahInstinct Steam Forum<&sol;p>&NewLine;<p><&sol;a>&ast;&ast;UPDATED&ast;&ast;<&sol;p>&NewLine;<p>Valve released an official statement in relation to the Steam Security issue that occurred on the 25th of December&period;<&sol;p>&NewLine;<p><a href&equals;"https&colon;&sol;&sol;bagogames&period;com&sol;steam-security-problems-valve-investigates&sol;steamupdatexmas1&sol;" rel&equals;"attachment wp-att-97352"><img class&equals;"alignnone size-full wp-image-97352" src&equals;"https&colon;&sol;&sol;cdn&period;bagogames&period;com&sol;wp-content&sol;uploads&sol;2015&sol;12&sol;04092627&sol;SteamUpdateXmas1&period;jpg" alt&equals;"SteamUpdateXmas1" width&equals;"685" height&equals;"448" &sol;><&sol;a> <a href&equals;"https&colon;&sol;&sol;bagogames&period;com&sol;steam-security-problems-valve-investigates&sol;steamupdatexmas2&sol;" rel&equals;"attachment wp-att-97353"><img class&equals;"alignnone size-large wp-image-97353" src&equals;"https&colon;&sol;&sol;cdn&period;bagogames&period;com&sol;wp-content&sol;uploads&sol;2015&sol;12&sol;04092616&sol;SteamUpdateXmas2&period;jpg" alt&equals;"SteamUpdateXmas2" width&equals;"620" height&equals;"425" &sol;><&sol;a><&sol;p>&NewLine;<p>Notably nothing within this update even remotely leads into a formal apology&comma; even if the last line states <em><strong>&&num;8220&semi;We apologize to everyone whose personal information was exposed by this error&comma; and for interruption of Steam Store service&&num;8221&semi;<&sol;strong><&sol;em>&period; I understand it will take some time to rectify the problem&comma; that still doesn&&num;8217&semi;t mean that users who use the Steam client should constantly be worried about their personal information being leaked from what appeared to be a trusted application&period; Yes we can&&num;8217&semi;t always assume that a given service will always be protected but for something like this to show certain identifiable information to anyone who views the account page at that time&&num;8230&semi; that&&num;8217&semi;s just dreadful&period; Too not only add the soulless apology at the end as an after thought&period; Completely unacceptable in my eyes&comma; at least nobody was able to use my account to purchase anything so there&&num;8217&semi;s a plus out of all this&period;<&sol;p>&NewLine;<p>Source&colon; <a href&equals;"http&colon;&sol;&sol;store&period;steampowered&period;com&sol;news&sol;19852&sol;&quest;snr&equals;1&lowbar;550&lowbar;552" target&equals;"&lowbar;blank">Steam news<&sol;a><&sol;p>&NewLine;