PSA: Steam servers hacked?

yep, steam is completely fucked up right now. i recommend that no body buys anything or tries to make account adjustments atm. Hopefully you guys have the basic email steamguard protection.
 
My biggest question is still whether it's a technical error or planned attack. Christmas day seems like the perfect time to strike with tons of Steam gift cards being loaded today and likely lack of staff available to resolve such an issue.
 
Because I game 24 / 7 I noticed that my store page was in a foreign currency and language. I clicked on my account details and saw a random name, email address, masked out credit card number. I clicked on my purchase history and saw CS: GO ( CS:GO is shit - I'd never buy that; I played it for 2 hours on a free weekend a year ago or something ).

I took a screenshot and was going to mail Steam but then I thought... wait a second, this is a huge breach of information... what if Steam was hacked and this is global? That's how I found the news articles.

Since then every time I exit and relogin to Steam ( my account is set to autologin password details ) and click on my account, I get a random name and random private information.

I tried to pretend-buy Vermintide and was blocked by Steam.

---------------------------------

I just posted this on Facebook:

Steam, PlayStation Network Down: Gamers Report Problems With Online Gaming Services After Hackers Promised Christmas Cyberattack

BY ABIGAIL ABRAMS @ABBYABRAMS ON 12/25/15 AT 3:37 PM

http://www.ibtimes.com/steam-playst...problems-online-gaming-services-after-2239977

Steam down on Christmas Day; Users able to log-in as other users, personal info at risk [Update]
By Jack Wilkinson @TheJackah · 3 hours ago · HOT!

http://www.neowin.net/news/steam-down-on-christmas-day-amid-fears-of-ddos-attack
 
Yikes, good find MgAgmoore. The best advice for everyone to follow is to NOT request pages from anything on Steam. What this does is generate a page request that will likely go to someone else. Those who didn't touch Steam today will be safest.
 
Steam has some of the best security outside of the federal government so these hackers must be really good...not logging into Steam or PSN until this is resolved...they probably blocked all purchases until this is fixed
 
I am still logged in now and have been for hours, but I can't access the store page so it is basically down, though I can still play games.
 
I am still logged in now and have been for hours, but I can't access the store page so it is basically down, though I can still play games.
Library should be OK. Just avoid any other pages at all costs.
 
Yup. Every time you try to fetch a page from Steam, it's going to be sent to someone else. Not good.
 
http://www.inquisitr.com/2657285/steam-suffers-massive-data-breach-not-caused-by-hackers/

I had my account on for about 2-3 hours today. Shut it down around 5pm Eastern.

What do I need to do and how concerned do I need to be? I didn't click on any pages. Just fired up a game and played it.

don't use your account until confirmation that the issue is fixed...keep track of your account and make sure no unauthorized purchases were made...you can also change your password to play it super safe

so it wasn't hackers and was a Valve cache issue?...so Valve accidentaly caused this themselves?
 
don't use your account until confirmation that the issue is fixed...keep track of your account and make sure no unauthorized purchases were made...you can also change your password to play it super safe

so it wasn't hackers and was a Valve cache issue?...so Valve accidentaly caused this themselves?

That's what it sounds like. This is a huge mark against Valve if it really is their fault.
 
These are interesting tweets:

ValveTime Retweeted
Steam Database ‏@SteamDB 2h2 hours ago

.@Totalbiscuit Our research indicates that it was not possible to do any actions on behalf of other users.
View conversation
104 retweets 178 likes
ValveTime Retweeted
Steam Database ‏@SteamDB 2h2 hours ago

.@Totalbiscuit Now that the issue is resolved, we have even more proof indicating that this was a read-only caching issue.
View conversation
149 retweets 224 likes
ValveTime Retweeted
Steam Database ‏@SteamDB 2h2 hours ago

It looks like the caching issue was resolved. We'll tweet updates if we have any. Stay safe!

ValveTime ‏@ValveTime 2h2 hours ago

Our #Steam login problems are now solved, and the Account Details page now successfully verifies the profile before loading any secure info.

This should always happen at all times.
 
that's why I never store my credit card/Paypal info on any website...I don't mind taking an extra minute or 2 to type in that info every time I use it
 
It's funny I haven't been on steam other than playing so I didn't even notice.
 
It's funny I haven't been on steam other than playing so I didn't even notice.
That's a good thing. Your curiosity would have likely made you click on things exposing info.

Steam Is Randomly Logging Users Into Other People's Accounts And Exposing Their Information [Update]

DEC 25, 2015 @ 04:17 PM

http://www.forbes.com/sites/insertc...ples-accounts-and-exposing-their-information/

[Update] Valve Says 'No Unauthorized Actions' Were Enabled On Improperly Viewed Steam Accounts
psa
by Mike Futter on December 25, 2015 at 07:32 PM

http://www.gameinformer.com/b/news/...ng-security-issues-extent-as-yet-unclear.aspx

Valve Says 'No Unauthorized Actions' Were Enabled On Improperly Viewed Steam Accounts

I hope they really stand by this. :rolleyes:
 
That's a good thing. Your curiosity would have likely made you click on things exposing info.



Valve Says 'No Unauthorized Actions' Were Enabled On Improperly Viewed Steam Accounts

I hope they really stand by this. :rolleyes:

This will probably end up with a class action lawsuit like with the PSN breach. Valve also knew about the issue but didn't post anything official on any of their social media pages or valve owned websites. I assume they took this route because it's a busy gaming holiday and the sale is going on.
 
Last edited:
If the assessment I'm seeing is correct, this will be a near non-issue. The displaying of personal info is obviously bad, but it doesn't seem like there's a way for an account or CC to be compromised.

Remember kids, 2 factor auth on anything and everything that supports it.
 
This will problem end up with a class action lawsuit like with the PSN breach. Valve also knew about the issue but didn't post anything official on any of their social media pages or valve owned websites. I assume they took this route because it's a busy gaming holiday and the sale is going on.

If that's the case, then fuck vAlve. They should inform everyone immediately no matter how busy a gaming holiday is. I for one am not ready to take a potential ass-pounding just because vAlve doesn't want to disturb the peace.
 
I checked my shit and I don't save any cards through steam. I thought that was the case but wanted to make sure. Exactly for reasons like this I do not typically save my cards online. I also only used paypal for every steam transaction. Also changed my password just in case. Thanks for the heads up.
 
Hmm, website is up, but inside the client I just get nothing. Odd.
Nvm, maybe just servers hammered at update time.
 
Last edited:
Store is up for me, maybe it's because I live 4.3 miles away(according to Google maps).

If Valve knew there were problems and didn't say or act on them, then I am disappointed in them.
 
Valve PR is doing is best to downplay what happened, but make no mistake this was a MAJOR screwup on Valve's part. Very near catastrophic for all their userbase.
 
here's a great video explaining what exactly went wrong with Steam yesterday from a technical but easy to understand standpoint...

https://www.youtube.com/watch?v=dkSslseq9Y8

I wouldn't want to be that guy who changed that server setting and caused the chain reaction screwup...will probably be looking for a new job over the Holidays...
 
here's a great video explaining what exactly went wrong with Steam yesterday from a technical but easy to understand standpoint...

https://www.youtube.com/watch?v=dkSslseq9Y8

I wouldn't want to be that guy who changed that server setting and caused the chain reaction screwup...will probably be looking for a new job over the Holidays...

I have trouble believing it was human hands. It this was the case I would guess one the cache servers in the cluster was overloaded and stopped exchanging/updating it's database. I'm not familiar enough with page caching to argue the point though.
 
If the assessment I'm seeing is correct, this will be a near non-issue. The displaying of personal info is obviously bad, but it doesn't seem like there's a way for an account or CC to be compromised.

Remember kids, 2 factor auth on anything and everything that supports it.

There's enough information between phone number, name, address and what little card details are visible for someone to use it to phish (or whatever would be the right term in this case) if they get a CSA on the phone who doesn't care much... like it's christmas or something. ID theft can occur with less information, in competent hands. I had a ~$200 fraudulent purchase made on my account the same day this started, and am now having to go through the hassle of getting our cards blocked and replacements sent. Waiting to see if I'll get the money back, still.

I think the main issue is till the fact that Valve made no attempt to inform people or offer advice or even acknowledge it in progress, and in fact seemingly went the other way by maintaining silence on it, which it seems fair to view as an attempt to downplay it. It gave the impression that they would rather not do anything to disrupt the holiday sales, in preference over serving and protecting their customers. But then their customers have never really seemed like a high priority to them at any point over the last decade. I'm still not totally buying the "caching error" explanation. Given their attempts at damage control yesterday, that just sounds like more of the same.
 
Last edited:
I'm still not totally buying the "caching error" explanation. Given their attempts at damage control yesterday, that just sounds like more of the same.

it does seem odd that this caching error occurs on the day that a hacker group had planned a DDoS attack on Steam, PSN etc...it also happening on Christmas Day right in the middle of what is arguably their biggest sale of the year also seems fishy...luckily I never store any CC info on any site but it's more the principle that this could happen and Valve trying to downplay the significance of it
 
Back
Top