PSA: Steam servers hacked?

DF-1

2[H]4U
Joined
Jun 17, 2011
Messages
2,625
yep, steam is completely fucked up right now. i recommend that no body buys anything or tries to make account adjustments atm. Hopefully you guys have the basic email steamguard protection.
 

anon

Limp Gawd
Joined
Jan 26, 2011
Messages
154
My biggest question is still whether it's a technical error or planned attack. Christmas day seems like the perfect time to strike with tons of Steam gift cards being loaded today and likely lack of staff available to resolve such an issue.
 

MrAgmoore

[H]ard|Gawd
Joined
Jun 5, 2008
Messages
2,002
Because I game 24 / 7 I noticed that my store page was in a foreign currency and language. I clicked on my account details and saw a random name, email address, masked out credit card number. I clicked on my purchase history and saw CS: GO ( CS:GO is shit - I'd never buy that; I played it for 2 hours on a free weekend a year ago or something ).

I took a screenshot and was going to mail Steam but then I thought... wait a second, this is a huge breach of information... what if Steam was hacked and this is global? That's how I found the news articles.

Since then every time I exit and relogin to Steam ( my account is set to autologin password details ) and click on my account, I get a random name and random private information.

I tried to pretend-buy Vermintide and was blocked by Steam.

---------------------------------

I just posted this on Facebook:

Steam, PlayStation Network Down: Gamers Report Problems With Online Gaming Services After Hackers Promised Christmas Cyberattack

BY ABIGAIL ABRAMS @ABBYABRAMS ON 12/25/15 AT 3:37 PM

http://www.ibtimes.com/steam-playst...problems-online-gaming-services-after-2239977

Steam down on Christmas Day; Users able to log-in as other users, personal info at risk [Update]
By Jack Wilkinson @TheJackah · 3 hours ago · HOT!

http://www.neowin.net/news/steam-down-on-christmas-day-amid-fears-of-ddos-attack
 

anon

Limp Gawd
Joined
Jan 26, 2011
Messages
154
Yikes, good find MgAgmoore. The best advice for everyone to follow is to NOT request pages from anything on Steam. What this does is generate a page request that will likely go to someone else. Those who didn't touch Steam today will be safest.
 

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
19,038
Steam has some of the best security outside of the federal government so these hackers must be really good...not logging into Steam or PSN until this is resolved...they probably blocked all purchases until this is fixed
 

LurkerLito

2[H]4U
Joined
Dec 5, 2007
Messages
2,286
I am still logged in now and have been for hours, but I can't access the store page so it is basically down, though I can still play games.
 

anon

Limp Gawd
Joined
Jan 26, 2011
Messages
154
I am still logged in now and have been for hours, but I can't access the store page so it is basically down, though I can still play games.
Library should be OK. Just avoid any other pages at all costs.
 

anon

Limp Gawd
Joined
Jan 26, 2011
Messages
154
Yup. Every time you try to fetch a page from Steam, it's going to be sent to someone else. Not good.
 

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
19,038
http://www.inquisitr.com/2657285/steam-suffers-massive-data-breach-not-caused-by-hackers/

I had my account on for about 2-3 hours today. Shut it down around 5pm Eastern.

What do I need to do and how concerned do I need to be? I didn't click on any pages. Just fired up a game and played it.

don't use your account until confirmation that the issue is fixed...keep track of your account and make sure no unauthorized purchases were made...you can also change your password to play it super safe

so it wasn't hackers and was a Valve cache issue?...so Valve accidentaly caused this themselves?
 

Derangel

Fully [H]
Joined
Jan 31, 2008
Messages
19,458
don't use your account until confirmation that the issue is fixed...keep track of your account and make sure no unauthorized purchases were made...you can also change your password to play it super safe

so it wasn't hackers and was a Valve cache issue?...so Valve accidentaly caused this themselves?

That's what it sounds like. This is a huge mark against Valve if it really is their fault.
 

Q-BZ

Fully [H]
Joined
Sep 28, 2007
Messages
18,844
These are interesting tweets:

ValveTime Retweeted
Steam Database ‏@SteamDB 2h2 hours ago

.@Totalbiscuit Our research indicates that it was not possible to do any actions on behalf of other users.
View conversation
104 retweets 178 likes
ValveTime Retweeted
Steam Database ‏@SteamDB 2h2 hours ago

.@Totalbiscuit Now that the issue is resolved, we have even more proof indicating that this was a read-only caching issue.
View conversation
149 retweets 224 likes
ValveTime Retweeted
Steam Database ‏@SteamDB 2h2 hours ago

It looks like the caching issue was resolved. We'll tweet updates if we have any. Stay safe!

ValveTime ‏@ValveTime 2h2 hours ago

Our #Steam login problems are now solved, and the Account Details page now successfully verifies the profile before loading any secure info.

This should always happen at all times.
 

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
19,038
that's why I never store my credit card/Paypal info on any website...I don't mind taking an extra minute or 2 to type in that info every time I use it
 

piscian18

[H]F Junkie
Joined
Jul 26, 2005
Messages
11,021
It's funny I haven't been on steam other than playing so I didn't even notice.
 

MrAgmoore

[H]ard|Gawd
Joined
Jun 5, 2008
Messages
2,002

anon

Limp Gawd
Joined
Jan 26, 2011
Messages
154
It's funny I haven't been on steam other than playing so I didn't even notice.
That's a good thing. Your curiosity would have likely made you click on things exposing info.

Steam Is Randomly Logging Users Into Other People's Accounts And Exposing Their Information [Update]

DEC 25, 2015 @ 04:17 PM

http://www.forbes.com/sites/insertc...ples-accounts-and-exposing-their-information/

[Update] Valve Says 'No Unauthorized Actions' Were Enabled On Improperly Viewed Steam Accounts
psa
by Mike Futter on December 25, 2015 at 07:32 PM

http://www.gameinformer.com/b/news/...ng-security-issues-extent-as-yet-unclear.aspx

Valve Says 'No Unauthorized Actions' Were Enabled On Improperly Viewed Steam Accounts

I hope they really stand by this. :rolleyes:
 

PersonalJ

[H]ard|Gawd
Joined
Oct 2, 2010
Messages
1,795
That's a good thing. Your curiosity would have likely made you click on things exposing info.



Valve Says 'No Unauthorized Actions' Were Enabled On Improperly Viewed Steam Accounts

I hope they really stand by this. :rolleyes:

This will probably end up with a class action lawsuit like with the PSN breach. Valve also knew about the issue but didn't post anything official on any of their social media pages or valve owned websites. I assume they took this route because it's a busy gaming holiday and the sale is going on.
 
Last edited:

squishy

[H]ard|Gawd
Joined
May 25, 2006
Messages
1,207
If the assessment I'm seeing is correct, this will be a near non-issue. The displaying of personal info is obviously bad, but it doesn't seem like there's a way for an account or CC to be compromised.

Remember kids, 2 factor auth on anything and everything that supports it.
 

Zuul

Gawd
Joined
Jan 7, 2013
Messages
850
This will problem end up with a class action lawsuit like with the PSN breach. Valve also knew about the issue but didn't post anything official on any of their social media pages or valve owned websites. I assume they took this route because it's a busy gaming holiday and the sale is going on.

If that's the case, then fuck vAlve. They should inform everyone immediately no matter how busy a gaming holiday is. I for one am not ready to take a potential ass-pounding just because vAlve doesn't want to disturb the peace.
 

Converge

[H]ard|Gawd
Joined
Mar 4, 2005
Messages
1,254
I checked my shit and I don't save any cards through steam. I thought that was the case but wanted to make sure. Exactly for reasons like this I do not typically save my cards online. I also only used paypal for every steam transaction. Also changed my password just in case. Thanks for the heads up.
 

Yakk

Supreme [H]ardness
Joined
Nov 5, 2010
Messages
5,810
Hmm, website is up, but inside the client I just get nothing. Odd.
Nvm, maybe just servers hammered at update time.
 
Last edited:
Joined
May 19, 2008
Messages
779
Store is up for me, maybe it's because I live 4.3 miles away(according to Google maps).

If Valve knew there were problems and didn't say or act on them, then I am disappointed in them.
 

Yakk

Supreme [H]ardness
Joined
Nov 5, 2010
Messages
5,810
Valve PR is doing is best to downplay what happened, but make no mistake this was a MAJOR screwup on Valve's part. Very near catastrophic for all their userbase.
 

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
19,038
here's a great video explaining what exactly went wrong with Steam yesterday from a technical but easy to understand standpoint...

https://www.youtube.com/watch?v=dkSslseq9Y8

I wouldn't want to be that guy who changed that server setting and caused the chain reaction screwup...will probably be looking for a new job over the Holidays...
 

piscian18

[H]F Junkie
Joined
Jul 26, 2005
Messages
11,021
here's a great video explaining what exactly went wrong with Steam yesterday from a technical but easy to understand standpoint...

https://www.youtube.com/watch?v=dkSslseq9Y8

I wouldn't want to be that guy who changed that server setting and caused the chain reaction screwup...will probably be looking for a new job over the Holidays...

I have trouble believing it was human hands. It this was the case I would guess one the cache servers in the cluster was overloaded and stopped exchanging/updating it's database. I'm not familiar enough with page caching to argue the point though.
 

Jellylesg

2[H]4U
Joined
Jan 15, 2010
Messages
2,283
If the assessment I'm seeing is correct, this will be a near non-issue. The displaying of personal info is obviously bad, but it doesn't seem like there's a way for an account or CC to be compromised.

Remember kids, 2 factor auth on anything and everything that supports it.

There's enough information between phone number, name, address and what little card details are visible for someone to use it to phish (or whatever would be the right term in this case) if they get a CSA on the phone who doesn't care much... like it's christmas or something. ID theft can occur with less information, in competent hands. I had a ~$200 fraudulent purchase made on my account the same day this started, and am now having to go through the hassle of getting our cards blocked and replacements sent. Waiting to see if I'll get the money back, still.

I think the main issue is till the fact that Valve made no attempt to inform people or offer advice or even acknowledge it in progress, and in fact seemingly went the other way by maintaining silence on it, which it seems fair to view as an attempt to downplay it. It gave the impression that they would rather not do anything to disrupt the holiday sales, in preference over serving and protecting their customers. But then their customers have never really seemed like a high priority to them at any point over the last decade. I'm still not totally buying the "caching error" explanation. Given their attempts at damage control yesterday, that just sounds like more of the same.
 
Last edited:

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
19,038
I'm still not totally buying the "caching error" explanation. Given their attempts at damage control yesterday, that just sounds like more of the same.

it does seem odd that this caching error occurs on the day that a hacker group had planned a DDoS attack on Steam, PSN etc...it also happening on Christmas Day right in the middle of what is arguably their biggest sale of the year also seems fishy...luckily I never store any CC info on any site but it's more the principle that this could happen and Valve trying to downplay the significance of it
 
Top