Not exactly a Christmas miracle
The SNAFU on Steam that caused users to see certain details about other people’s accounts when logging in on Christmas day is so last year, but in case you were wondering what exactly happened, Valve has provided an explanation.
Valve’s initial statement was that a configuration issue was to cause for the mess. In an updated blog post, Valve said that the error affected around 34,000 Steam users who were able to see “sensitive personal information” about other users on Steam Store pages.
So, what happened? Valve said it started off with a DoS attack on early Christmas morning, which prevented Steam from able to serve up Store pages to users. According to Valve, attacks against the Steam Store and Steam in general “are a regular occurrence.” In most cases, the attacks don’t impact Steam users, but on Christmas day, traffic to the Steam Store spiked 2,000 percent over the average of what it was seeing during the Winter Sale.
“In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic,” Valve explains. “During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.”
It’s true that a hack attempt triggered this whole mess, but it was the way the attack was handled that led to users seeing other people’s information. It also caused the Steam Store to display in other languages.
Information that was coughed up to the wrong eyes included users’ billing addresses, the last four digits of users’ Steam Guard phone number, purchase histories, the last two digits of credit card numbers, and email addresses. Full credit card numbers and user passwords were kept safe during the incident.
“We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service,” Valved added.