Home / Software & Gaming / Security / Valve finally explains Steam’s Christmas day accident

Valve finally explains Steam’s Christmas day accident

It has taken a few days but Valve has finally explained exactly what went wrong with Steam on Christmas day, when a caching error allowed users to see someone else's account while visiting the Steam store. This meant that information like a user's address, phone number, and email address were put out there for anyone to see, along with the last few digits of their payment card.

While Valve did say in a statement to Gamespot that it was not hacked, it did not apologize at the time for alarming users or properly explain exactly why users were seeing someone else's account details on the store page.

steam-600x300

In a statement made today, Valve explained that Steam was hit with a DDOS attack, which increased Steam traffic by 2000% over normal usage. This meant that one of Valve's partner companies went ahead and deployed a new caching configuration to allow users to access the Steam Store like normal. However, something wasn't quite right and had the knock on effect of sending incorrect account details to 34,000 Steam users.

No unauthorized actions were made on user accounts as a result of this error, so Valve says no further action is required. You can read the full blog post, HERE. 

KitGuru Says: Valve did eventually apologize for the screw-up, though it shouldn't have taken this long to do so. Were any of you affected by the Steam store error on Christmas day? I remember logging in and seeing an entirely different user account, refreshing the store and then seeing a second account myself. 

 

Become a Patron!

Check Also

Nvidia driver update fixes crucial security vulnerabilities

Nvidia GeForce, RTX, Quadro, NVS and Tesla GPU users will want to update their drivers soon. Nvidia has pushed out a hotfix with a number of critical security fixes that if left unfixed, could allow for unauthorised access to systems. 

13 comments

  1. It didn’t take this long to do it, you just took this long to report it. They said what happened later the same day.

  2. Steam is huge, it more huge than any other game distribution platform.

    They also don’t have anything to apologize for and they still did.

  3. well they do have a bit to apologize for. it was improper testing/coding that caused the issue from their side. that is something to apologize for…. but it’s not uncommon in the least. finding any online business, large or small, that hasn’t had a faulty line of code cause a security issue is not likely.

  4. So giving away my personal information isnt something to apologize about?

  5. Aldwin Gerald Alvaran Velasco

    giving away? you can say that if they DID IT Intently

  6. It wasn’t their fault. Notice how they mention is was a company running their infrastructure.

  7. still trust Steam implicitly

  8. so why you gave your info to steam? you should blame your’s not them. it was an accident btw. in internet nothing is safe. the important is Valve is taking an action to fix on that matter.

  9. When you give your personal information to steam, the onus is on them to protect it, that’s in the term’s of agreement over 90% of people just skip over and agree to; unless you want something personal shared, steam has to protect it within their servers, that’s part of their agreement. Steam broke that agreement by instead of taking the safer option of just suspending the service till the DDOS attacks were over, they tried something risky to keep the service running to keep profits up, so Steam is entirely at fault. If say, a manager asks an employee to do something which isn’t guaranteed to work and it has unknown risks to it since it’s a “new” service, and something goes horribly wrong and about 34000 people’s private data gets compromised do you blame the manager or the employee? Obviously the manager because they authorised it (Valve would always make the final decision as to what happens to their servers) and they didn’t take the risks into consideration.
    Steam also refused to comment at all when it was going on, people were freaking out about their personal info being leaked and they still remained silent, Valve were completely to blame on this one. I like steam but just because they’re usually a good service doesn’t mean they get a free pass for a monumental fuck up such as this one.

  10. Yes, why every would you give info to an online store system…. I have noooOooOo idea.
    A company made a big mistake, at the very LEAST they deserve to hand out apologies.

  11. Yep thats exactly what I said……..

  12. ❝my neighbor’s stride mother is making 98$ HOURLY on the internet❞….

    A few days ago new McLaren F1 subsequent after earning 18,512$,,,this was my previous month’s paycheck ,and-a little over, 17k$ Last month ..3-5 h/r of work a day with extra open doors & weekly paychecks. it’s realy the easiest work I have ever Do. I Joined This 7 months ago and now making over 87$, p/h.Learn More right Here
    dm………….
    ➤➤
    ➤➤➤ http://GlobalSuperEmploymentVacanciesReportsMoney/GetPaid/98$hourly❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦.❦

  13. Can I ask why my comment was removed?