Steam acting weird for anyone?

[Vendor-Lazarus]

Can you access your games? Play them? Update them? Install them?
Can other people buy games in your name? Get you banned from Steam and therefor from your games?

 

[1981]

Aw geez! I was browsing the store at my parent's house and wondered why I suddenly appeared to be signed in. Good thing I decided not to risk a trade probation by logging in from a new IP.

 

[Lightspeaker]

(Snip).

Valve's put out no warnings as of yet - it's come from unaffiliated accounts - but the servers were deliberately attacked and taken down according to this:
http://www.techworm.net/2015/12/skidnp-fulfill-their-promise-steam-servers-down.html
http://www.ibtimes.com/steam-playstation-network-down-gamers-report-problems-online-gaming-services-after-2239977

That's a somewhat different issue to the massive security breach of people accessing each other's accounts though. A DDOS doesn't do that. Not deliberately. It is perhaps theoretically possible that the attack broke something on the server but it SEEMS to be something to do with page caching going badly wrong.

Steam hasn't denied the case, and even said to go on PayPal and remove it instead of doing so through Steam.

'Steam' or more specifically Valve hasn't said anything at all to my knowledge, its all been third parties so far. That 'SteamDB' account linked above is a fansite.

Can you access your games? Play them? Update them? Install them?
Can other people buy games in your name? Get you banned from Steam and therefor from your games?

Don't know about the first four (although there were people playing games on my friends list before it went down).

As for the latter two: I'm pretty sure people CAN buy games in your name. Because some people have claimed to do exactly that before realising it wasn't their account. Don't know about banned...can you get banned through Steam store use?

(As a small edit to the above: in the NeoGaf thread that a lot of places are linking someone posted just before a Paypal payment of over two thousand dollars put onto a steam account, apparently not the owner.)


Edit: Paul Tassi over at Forbes is trying to keep this up to date. Looks like what I was saying above - a DDOS doesn't do this but its possible (even likely, based on this article) that the attack caused some kind of major problem with the servers:
http://www.forbes.com/sites/insertcoin/2015/12/25/steam-is-randomly-logging-users-into-other-peoples-accounts-and-exposing-their-information/

 

[Geo Da Sponge]

Well I fucked up by clicking around for ages, and then logging out when I actually realised just how bad it is; but now I presume that I'd just make things even worse logging back in. But still, I guess I'd have to eventually turn off my laptop, and that would mean logging off anyway. So I'm just gonna... Leave it as it is and not touch it at all from this point. And to keep an eye on my card transactions in the meantime.

 

[Barbas]

(Snip).

I don't know to what extent the attack jacked with the servers, but you would appear to be correct if this is anything to go by:
https://steamdb.info/blog/recent-caching-issues-on-steam/

Still no word from Valve, far as I've seen.

 

[Lightspeaker]

Still no word from Valve, far as I've seen.

It is absolutely absurd how bad they are at communication with the public.

It was cute and funny as long as everything was going well but its pretty disgusting that there seems to be no official info even this long after such a massive data breach.

 

[Tohuvabohu]

In all my years using Steam, I've never seen a fuckup as bad as this one. Being able to see into other people's personal information? Hooooly shit.

These past 2 years, I haven't used Steam nearly as much. Mostly because my platform of choice became the PS4. And the PC Gaming I did do was usually outside of Steam to begin with. I don't really see much of a reason to use it lately, and after purchases leading to over 200 games in my account, I have indeed used Steam a lot in years past.

But this in particular makes me never want to use Steam to make purchases again. And given my recent gaming activities, nothing would really be lost.

Valve needs to speak up on this. I'd love to see what they have to say, and the extent of the damages incurred. The fact they've gone silent for this long is already bad enough.

 

[Imperioratorex Caprae]

Well the "totally secure" Steam account myth has been completely busted, no? Gabe boasted about it years ago, now its biting Steam users in the ass... But hey, this is the world we live in, no?
I do hope that this finally opens some people's eyes to Steam and Valve in general as not being the patron saints of gaming. I don't have Valve, but I've never once trusted them completely and I their lack of communication disturbing.

 

[New World Fool]

This might sound like a very silly question but I'll ask anyway. I've had a Steam account for several months, but only recently did I purchase something but my card details weren't saved or anything. Am I safe, or should I still be keeping a close eye on my bank account?

 

[Lightspeaker]

This might sound like a very silly question but I'll ask anyway. I've had a Steam account for several months, but only recently did I purchase something but my card details weren't saved or anything. Am I safe, or should I still be keeping a close eye on my bank account?

I'd keep an eye anyway. Frankly with the amount of screwups I've been reading about (for example: apparently if you go to add a new card it automatically fills in your details...i.e. your name, home address and your telephone number) then I wouldn't put it past this system to be screwed up enough for the card details to be accessible somehow.

It seems UNLIKELY but you never know...

Oh, but when I want to gift a shitty 2 dollar CS:GO item to a friend, I have to log into my email and verify it in case some l33t hax0r broke through my steam guard. Seems logical. Don't worry about peoples bank account details Valve, as long as no one loses their Glock Catacombs battle scarred... Priorities.

To be fair for all the easy to make criticism there is to poke at the whole verification over market transactions thing I CAN understand why. Personally I own a DOTA2 Rainmaker which at present goes for in excess of ?200. >_>


Edit: This website can't handle the pound sign?

Really?

 

[Rad Party God]

It seems like the store is back online (checked with Chrome instead of Steam itself), I dunno if it's safe to... Well, do anything on Steam yet :/

 

[Lightspeaker]

To be fair for all the easy to make criticism there is to poke at the whole verification over market transactions thing I CAN understand why. Personally I own a DOTA2 Rainmaker which at present goes for in excess of ?200. >_>


Edit: This website can't handle the pound sign?

Really?

Yeah, so why not ask for verification on your DOTA 2 Rainmaker instead of bugging everyone for small items with no suspicious account activity before the trade?

I think its because then it becomes a question of "where do you draw the line of when it starts asking for confirmation?"

A pound? Five? Ten? Fifty? How much is too much for the system to allow? Bearing in mind that for some people a hundred quid is nothing and for others as little as a fiver is a lot?

 

[Barbas]

(Snip).

The issue may now be resolved:

https://twitter.com/SteamDB

Stand by for updates and official confirmation.

 

[-Dragmire-]

I really want to check up on my account and see what's changed, but until I get confirmation on what's happening ... I won't dare touch / screw with anything. God dang it Valve, no one will ever look at you the same again with such a breach >_> ...

I just checked all the things I did in my original post and it seems like it's back in order. Account details link to mine and recently viewed link in a browser doesn't bring up a random user's cart/wishlist.

It's safe to wait for an official statement but I don't know if Valve will make one.

 

[Chessrook44]

TotalBiscuit posted up a video about it, for others to peek at.

 

[Godzillarich(aka tf2godz)]

From the twitter account guy who was doing value's job (you rock steamdb) this seem like a simple fuck up on valves part.

Does anyone else smell a lawsuit coming? I mean they Accidentally showed people's information and then was too godamn lazy to tell anyone about this Critical screw up. I think every valve user can sue steam right know.

 

[Rad Party God]

It seems like it was a "read only" issue, even if you were affected by the issue, nobody could modify anything from your account.

[tweet t=https://twitter.com/SteamDB/status/680528031761481728]

Still, it might be wise to change passwords and such.

 

[vallorn]

Gamespot apparently have an official statement of "all is well" from Valve now.
http://www.gamespot.com/articles/steam-issue-allowing-access-to-other-users-account/1100-6433371/
I'd personally ignore Valve and make sure you have a new password and Mobile Authentication in case this happens again.

Thanks to SteamDB for being the press release department that steam deserves, but not the one it needs right now.

 

[TechNoFear]

IISRESET that server Valve, only takes a minute...

 

[Godzillarich(aka tf2godz)]

Gamespot apparently have an official statement of "all is well" from Valve now.
http://www.gamespot.com/articles/steam-issue-allowing-access-to-other-users-account/1100-6433371/
I'd personally ignore Valve and make sure you have a new password and Mobile Authentication in case this happens again.

Thanks to SteamDB for being the press release department that steam deserves, but not the one it needs right now.

all I have to say is Valve better get their lawyers because this shit is going to get real. because as I said before there's no way this is not viable for lawsuit from every single steam user. you just can't accidentally show people's information like that.