In Update 3 Steam Issue Allowing Access to Other Users’ Accounts
Update 3: Valve has issued a statement regarding today’s issues.
“Steam is back up and running without any known issues,” a Valve spokesperson told GameSpot. “As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
Update 2: Steam appears to be back online, and the issues have seemingly been resolved. Valve has still yet to release any kind of official statement regarding today’s incident.
Update: It now looks as if the Steam store may be down; numerous users, myself included, are unable to access it and are receiving an error when attempting to do so.
Also, while it’s still unclear what’s going on, Steam tracking website Steam Database has suggested this is all due to a caching issue. That said, the site recommends not attempting to remove your credit card, PayPal account, or anything of the sort. Whether that is indeed the best course of action remains to be seen, as Valve has still yet to officially comment on the situation.
Original Story: While there were concerns ahead of Christmas that hackers might take down services like PSN and Xbox Live, it appears that Steam may be the one having the most serious issues today.
Numerous users are reporting a pair of seemingly related problems. First, the Steam store’s homepage is displaying in a language other than their own (in my case, it appears in Russian). More seriously, going to the Account Details page–accessed by clicking your username in the upper right corner–offers access to the page for other users’ accounts.
I’ve personally seen more than one user’s account information in this way. While it’s unclear exactly what this mixup allows to happen, at the very least, it allows you to see things like the person’s email address, Steam Wallet money, and purchase history. Using Steam Guard and the Steam Mobile Authenticator–two tools for protecting your Steam account–both appear to be doing nothing to prevent this: Two accounts I’ve been shown the information shown for have been equipped with one or the other.
It’s unclear what the cause of this is. As of yet, there’s no evidence that hackers are responsible.
Whatever the case, some users are openly wondering why Valve has yet to take Steam offline until a fix can be implemented. We’ve contacted Valve to find out more and to see what it’s plan is for resolving the issues.