I should be on my way to spend Christmas with my family, but instead I'm refreshing my Steam account information wide-eyed and baffled. Something has gone very wrong, and the Steam Store is showing users the private information of other accounts, including partial credit card numbers, email addresses, balance and purchase history. To complete the dystopian computer-gone-rogue vibe, it's also sometimes loading in different languages.
Multiple PC Gamer writers have confirmed seeing other people's Store details, and the internet is awash with similar reports. Freaked out that I saw the last two digits of someone's credit card number, their email address, and their purchase history, I closed Steam hoping that avoiding it will somehow keep my account safe. Unsurprisingly, the Store now appears to be offline.
SteamDB speculates the problem was caused with a caching issue (opens in new tab), and recommends that no one use the Steam Store until it's resolved. I don't have the technical expertise to offer an alternative explanation, so for now, I'd recommend avoiding the Store entirely until Valve makes a statement. The official Steam support Twitter account (opens in new tab) has said nothing yet, but we'll update with more as it happens. Mince pies permitting.
"We've gotten reports that people sometimes see other people's account information on the account page. Valve has been made aware of this and are working on a fix.
Some frequently asked questions:
- No, Steam is not hacked
- Creditcard info and phone numbers are, as required by law, censored and not visible to users"
Well, that's a relief. For a moment we worried Valve might not be aware of the four-alarm fire currently occurring in relation to its ecommerce platform. Hopefully they'll be an official response soon. Ideally after we've had dessert.
Update #2: Dessert has been digested, naps have been had, and Steam, in the form of both servers and Store, are once again operational. We also now have Valve's official word on the matter, as supplied to several outlets via email:
"Steam is back up and running without any known issue.As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."
Happy Cachemas, everybody!
Update #3: That's the last word from Valve so far.Though no"action" may have occurred on accounts, such as unwantedpurchases,personal information was leaked, including names, email addresses, andpartialcredit card and phone numbers. That information can be used for fraud and phishing, so while "no additional action" may be needed to secure your Steamaccount, there is cause for vigilance. We've reached out to Valve with questions regarding the scope (how many users had information compromised) and what its plans are for notifying thoseaffected directly.