Update: Steam Store Reveals Private User Information, Gets Shut Down

Albino Boo

New member
Jun 14, 2010
4,667
0
0
JLF said:
Hope they aren't just building a backdoor for ease of access.
They already have an immense amount of customer support requests now with also governmental requests on top of that. So I would not be surprised that they would try to automate the access for those requests.
The problem was the web cache wasn't clearing properly, so the details of the previous transaction was appearing. Its not grand conspiracy theory, just someone forgot to change the cache away from the engine default in an update.
 

JLF

New member
Mar 2, 2010
51
0
0
albino boo said:
JLF said:
Hope they aren't just building a backdoor for ease of access.
They already have an immense amount of customer support requests now with also governmental requests on top of that. So I would not be surprised that they would try to automate the access for those requests.
The problem was the web cache wasn't clearing properly, so the details of the previous transaction was appearing. Its not grand conspiracy theory, just someone forgot to change the cache away from the engine default in an update.
That good if it was just human error. Even though one would hope errors like that should not be even possible.

And what comes to conspiracy theories the fact is that companies based in the US have an obligation to assist with all information requests which will increase workloads for companies. Especially Valve who has never been known to have a working customer support to date and also has an incredible amount of customers.
 

Albino Boo

New member
Jun 14, 2010
4,667
0
0
JLF said:
albino boo said:
That good if it was just human error. Even though one would hope errors like that should not be even possible.

And what comes to conspiracy theories the fact is that companies based in the US have an obligation to assist with all information requests which will increase workloads for companies. Especially Valve who has never been known to have a working customer support to date and also has an incredible amount of customers.
1. There is no such thing as an error free system. I have worked in the software industry for 20 years and human error is the most common cause of failure.

2. You are unaware of how web engines work. You can access the backend database without any interaction with the web front end. Any backdoor would not show.
 

JLF

New member
Mar 2, 2010
51
0
0
albino boo said:
JLF said:
albino boo said:
That good if it was just human error. Even though one would hope errors like that should not be even possible.

And what comes to conspiracy theories the fact is that companies based in the US have an obligation to assist with all information requests which will increase workloads for companies. Especially Valve who has never been known to have a working customer support to date and also has an incredible amount of customers.
1. There is no such thing as an error free system. I have worked in the software industry for 20 years and human error is the most common cause of failure.

2. You are unaware of how web engines work. You can access the backend database without any interaction with the web front end. Any backdoor would not show.
No offense intended,so in other words the latest problems were a problem that could easily be interpreted as a human error, and also the problem does not give any suspicion to changes to the Valve servers. I appreciate your reply on the matter.
 

blackrave

New member
Mar 7, 2012
2,020
0
0
HA, my paranoia paid off finally
Have 2 bank accounts- primary and secondary
Secondary is dedicated to internet payments and is usually empty
Whenever I need to purchase something via internet, I transfer money from primary to secondary
Works like a charm.
 

shintakie10

New member
Sep 3, 2008
1,342
0
0
Areloch said:
Steam only displays the last digits of the phone and any credit card info, so it's unlikely that anyone's data is directly compromised.

I believe the worst is the account name and the address data could be seen, but that doesn't directly compromise people's billing info(though still not a good thing).
There's more that you can see than that though.

Home Address (well, technically billing address). Full name. You get the last 4 of the phone number so you can easily narrow somethin down between that and the area code from the billing address. Email address.

Considerin a lot of people do the things that everyone tells you is a nono (use the same email address for everythin, use easily guessable passwords, using the same password for everythin), any number of things could have been horribly compromised with that.

Lets not downplay this. This was a major fuckup that showed peoples personal information for no reason. What possible reason would Steam need to cache someones account details in such a way?

Not only that, but there was straight radio silence the entire time it was happening. The only reason people even knew what to do was a completely unaffiliated group told everyone what to do, even calling Valve out by saying they shouldn't be the ones having to do this but Valve was completely failing to do anything so they had to step up.
 

Vigormortis

New member
Nov 21, 2007
4,531
0
0
Siesta45 said:
"removing any stored credit card information from your account"

https://twitter.com/GuerrillaDawg/status/680500791262720000

More sites that can't fact check and absolutely have to get a story up immediately regardless of accuracy.

It's a caching issue if you delete it or use it that's what's being shown, that's the entire issue. DON'T MIS-INFORM YOUR READERS WITH THIS CRAP
Fact checking? In a Steven Bogus Bogos article?

Surely you jest. Is this opposite day or something?

. . . . . . . . . . . . . . . . .

In all seriousness, the article is just grossly irresponsible. It suggests doing the very thing that could put your account in danger. And this isn't the first time Bogos has submitted an article like this.

How this guy is still published here is absolutely beyond me. It truly boggles the mind.
 

Vendor-Lazarus

Censored by Mods. PM for Taboos
Mar 1, 2009
1,201
0
0
I have never liked steam and I hope that this at least opens a few eyes into everything wrong about the current system.
This was a tiny error, but constituted a huge privacy invasion. and not a word from steam about it.
What if the next time you can't access your bought games... or update them, install them, even play them?
I thought this would generate a great deal more of a reaction frankly.

Then again, "don't bite the hand that feeds you"... .. .right?
 

insanelich

Reportable Offender
Sep 3, 2008
443
0
0
Vigormortis said:
Siesta45 said:
"removing any stored credit card information from your account"

https://twitter.com/GuerrillaDawg/status/680500791262720000

More sites that can't fact check and absolutely have to get a story up immediately regardless of accuracy.

It's a caching issue if you delete it or use it that's what's being shown, that's the entire issue. DON'T MIS-INFORM YOUR READERS WITH THIS CRAP
Fact checking? In a Steven Bogus Bogos article?

Surely you jest. Is this opposite day or something?

. . . . . . . . . . . . . . . . .

In all seriousness, the article is just grossly irresponsible. It suggests doing the very thing that could put your account in danger. And this isn't the first time Bogos has submitted an article like this.

How this guy is still published here is absolutely beyond me. It truly boggles the mind.
Agreed. Some rudimentary fact-checking before recommending "security measures" would be greatly appreciated.
 

Mr.Mattress

Level 2 Lumberjack
Jul 17, 2009
3,645
0
0
Considering Steam just forced me to get a Phone App meant to protect my account from being hacked, delaying my ability to purchase items from/trade them on TF2, I find it odd that Steam seems to have screwed up somewhere and an issue like this happened. Luckily for me, I purchased no game on Christmas (I did get the first episode of King's Quest when the sale started), and I didn't have a Credit Card signed up to my account.

I guess I'll just have to wait until Tomorrow or Monday to get Undertale...
 

Scarim Coral

Jumped the ship
Legacy
Oct 29, 2010
18,157
2
3
Country
UK
I'm assuming I'm safe for now due to no email of any purchasing being made nor was there any recent transaction on my bank account (in saying so it usualy take a day or so to show up online). In saying so I had delete my card info on steam to be on the safe now (I suppose it was a good thing I didn't buy any of the sales at the moment).

In saying so ain't some of us are still safe due to the security card numbers (the final safe guard) cos that one is NEVER store on any card info or has this leaked reveal it when you made a recent purchase?
 
Sep 14, 2009
9,073
0
0
lol jeesh, by pure coincidence I brought my tower back to my parents house with me for christmas (bought a new mobo/cpu, was gonna install it and give my parents rig the old parts) and have been out of the nerd world for a couple of days, what luck to find out I missed on out on this debacle. Hopefully steam gets some solid backlash for this
 

Fappy

\[T]/
Jan 4, 2010
12,010
0
41
Country
United States
Soooo, are they going to send out an email or anything? This is some seriously unprofessional shit. They accidentally spill confidential information about their users and they're not even going to inform them?

What the fuck happened to Valve?
 

Something Amyss

Aswyng and Amyss
Dec 3, 2008
24,759
0
0
I dislike the way the story basically says "even though we can't confirm anything happened, you should probably remove credit card information."

And the way that it was cautioning people to do this even when other people were suggesting that it would put them at risk.

Fappy said:
Soooo, are they going to send out an email or anything? This is some seriously unprofessional shit. They accidentally spill confidential information about their users and they're not even going to inform them?

What the fuck happened to Valve?
I don't know, but I remember the days of that Sony shutdown, and everyone swearing up and down that Valve would never ever do this....

I'm not sure they ever changed. It's just that the blind faith people had in them has slowly been eroded. Valve's always been a shitty, anti-consumer company with policies that screwed us even as their face smiled and told us how valued we were. This just strikes me as a more obvious version of the same.
 

Kameburger

Turtle king
Apr 7, 2012
574
0
0
and these were the guys asking me to send them a scanned copy of my passport.... Yeah to hell with that idea.
 

direkiller

New member
Dec 4, 2008
1,655
0
0
shintakie10 said:
What possible reason would Steam need to cache someones account details in such a way?
Because it's how HTTP works.
It needs to take in inputs from you and/or it's storage server before building the page to send to you. It builds the page in a cache.

Normally it's declared not usable and promptly removed from the cache. For whatever reason it was not removing it or was very slow to remove it, so when the server tried to use that same cache memory it sent out the old data.


Couple of things to keep in mind.

1. This would effect you regardless of if you store information on there site.

2. This only effected users that were on shortly before and during the problems.

3. Trying to remove information during this type of problem can only increase your chances of people seeing your information. because you are creating more pages with your information in the cache.
 

Godzillarich(aka tf2godz)

Get the point
Legacy
Aug 1, 2011
2,946
523
118
Cretaceous
Country
USA
Gender
Dinosaur
Something Amyss said:
Fappy said:
Soooo, are they going to send out an email or anything? This is some seriously unprofessional shit. They accidentally spill confidential information about their users and they're not even going to inform them?

What the fuck happened to Valve?
I don't know, but I remember the days of that Sony shutdown, and everyone swearing up and down that Valve would never ever do this....

I'm not sure they ever changed. It's just that the blind faith people had in them has slowly been eroded. Valve's always been a shitty, anti-consumer company with policies that screwed us even as their face smiled and told us how valued we were. This just strikes me as a more obvious version of the same.
you know at least when Sony fucked up the attack was out of their control, at least they had the balls to admit they fucked up and gave us free stuff in return. What did Valve do after they almost Fucked over the lives of most of their consumer. they stuck their fingers into their ears and went lalallalalalalalalalalal. This truly pisses me off that they didn't have the balls to help their uses and admit they messed up. they could've accidentally shown everyone passwords and credit card information due to their own incompetence and they're just going to pretend it never happened.
 

krystalphoenix

New member
Sep 5, 2015
43
0
0
I wondered why, when logging in yesterday, that all my card details had gone. My credit card company is very good and e-mails me within 6 hours of a purchase being made with an option of "this purchase was not made by me". So I know nothing was bought. Alarming not to have had an notice of said actions about removal of details though.
 

Strelok

New member
Dec 22, 2012
494
0
0
tf2godz said:
you know at least when Sony fucked up the attack was out of their control, at least they had the balls to admit they fucked up and gave us free stuff in return.
Are you being serious? The Sony attack started April 17th to the 19th, Sony shut down PSN the 20th, then didn't even admit that 77 million PSN accounts, complete credit card info, address, full name, etc. had been released into the wild by lulsec until May 4th. Sony had to report to the US House of Representatives for such a massive personal information breach and to explain the delay in reporting the personal information breach to customers. Also no passwords were shown in this problem Valve had, also no credit card info beyond the last four digits. Sony released all your info into the wild, their response? Sorry for the delay and huge outage, here's a few cheap games limit of two per platform. I think I played one of them.
 

Something Amyss

Aswyng and Amyss
Dec 3, 2008
24,759
0
0
tf2godz said:
you know at least when Sony fucked up the attack was out of their control, at least they had the balls to admit they fucked up and gave us free stuff in return.
That was the complaint, actually: Sony initially hid it, and then tried to downplay it. They gave us free stuff as a "make it go away" sort of deal.

And Valve fans swore up and down that Valve would never, ever, ever do something like that and they would totally tell us if our security might be compromised. I doubted it then, and it seems there was some reality to that.