Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Steam sale, steam sales, steam, pc

Valve Releases Statement on Steam’s Christmas Day Issues

Valve comments on the security problems Steam went through last week.
This article is over 8 years old and may contain outdated information

Steam had some serious security issues  on Christmas Day last week, as the store ended up having to be taken down for a while. An issue had sprung up that was allowing users to view accounts that were not their own, with the ability to see some personal information of the other user. The digital distribution service went back up later in the day with Valve claiming that “no unauthorized actions” had occurred. Still, we’ve been waiting for an official statement on the event.

Recommended Videos

Today in a new post on the news channel of the Steam Store, the company released an official statement about what happened last week. Apparently on December 25, Steam was the target of a DoS(Denial of Service) attack, that helped to increase Steam traffic by 2000 percent of what it normally is during the Steam sale. Caching rules managed by a web caching partner were deployed at this point to minimize the impact on the store as well as continue to route legitimate user traffic.

During the second wave of the DoS attack an incorrect caching configuration was deployed resulting in some users seeing Steam Store responses that were generated by other users. The responses varied from seeing the store in the wrong language, to being able to see the account page of other users. The store was brought down at this point to launch a new caching configuration and purge the others. Valve says that almost 34K users were affected in some way.

The information available depending on requests could vary but some potential information seen was, Steam user’s billing address, the last four digits of their Steam Guard phone number, purchase history, the last two digits of their credit card number and/or email address. It seems that this information was not viewable however if you didn’t browse a Steam Store page with your personal information in the time frame.

The company apologized for the interruption of Steam service and to everyone who’s information might have been seen in any way. They’re taking steps to reach out to affected users as well,

“Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.”

It’s definitely alarming that something like this happened, but it certainly isn’t the first time an attack has taken down a gaming service. Another attack took the PlayStation Network offline for over a month in 2011. It sounds like the information seen during the Steam attack was limited, and hopefully anyone affected doesn’t have any issues.

What do you think about the entire Steam ordeal? Were you online at the time of the attack? Let us know what you think about it all in the comments down below.

MORE NEWS


Twinfinite is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Hayes Madsen
Hayes Madsen
A connoisseur of all things RPG related, and always looking for the artistic expression in gaming. His love of Gundam is only matched by his love of Pizza. Playing Games Since: 1991 Favorite Genres: RPGs, JRPGs, Strategy,