Steam Caching Error Led To Seeing Others’ Account Info


Personal info of random users, including partial credit card digits and phone numbers, were accidentally cached and displayed to numerous Steam users yesterday.

During the holiday season, we usually, regrettably, have to inform readers that groups like Lizard Squad or Xbox Underground have taken down servers or stolen account information for gaming services like PlayStation Network or Xbox Live. This year, unfortunately, the biggest gaming-related headache to affect the Christmas season was by Valve, themselves, and the way the situation was handled is dreadful, to say the least.

Yesterday afternoon, Steam gaming users across several factions of social media and forums reported that when they either were checking out of store purchases or checking their account information, the information displayed was of an account that was not theirs. As such, information such as full names, addresses, partial digits to credit card numbers, purchase histories and PayPal email addresses of select users were compromised and viewable to affected accounts.

More from GameSided

Initially, the worst thing about this problem is that you wouldn’t have heard about this issue unless you were on such social media sites or reading reports from gaming sites like Kotaku, who reported problems affecting Steam users as it was happening. Worse yet was Valve’s snaillike response time solving the problem, in which they let the Steam store page stay live for more than an hour and a half before shutting it down at roughly 4:30 PM ET yesterday. Finally, the Steam store went back online 90 minutes later, in which account information was now properly displayed.

Again, Valve’s disconcerting lack of public relations communication continued to be the harshest aspect of the errors involving personal information being leaked, as even after the problem was “solved,” no public statements were immediately made. Unrelated sites that are linked to Steam services, like SteamDB, had to theorize that the issue was an improper profile caching failure. Finally, at 8:25 PM, and more than 5 hours after the issue was first known, did Valve officially comment to news sites in a cold, uncalculating manner.

As told to Kotaku:

"Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."

It is passed noon on December 26th as of posting, yet Valve has still failed to directly address its users about the potential that their private information was made publicly available yesterday afternoon. Their reluctant admittance to the issue at hand, only made at the prompt of reporters, suggests their best attempt at hiding such a compromising offense from their users. The fact that an email sent directly to account holders warning them about the issue has not been sent already is of incredibly poor taste, even if users’ accounts could not be made to make unauthorized purchases.

A lack of an apology from Steam is downright disappointing.