VALVE have shared a full statement on what happened to their Steam service on December 25 and how many people may have been affected.
 
VALVE: Up to 34,000 Steam users' personal information may have been exposed to others
Valve have explained more on what happened to Steam on December 25
 
Up to 34,000 users could have had sensitive personal information exposed by logging in between 7:50pm and 9:20pm, UK time.
The user must have visited a page on the Steam Store containing their info during this period to have been exposed.
A configuration error led to the mistake, allowing details to be shown to other users. The people who have been affected will be contacted by Valve.
 
 
It was discovered that a DDoS attack in the early hours was the root of the issue, which led to a Steam Store caching configuration incorrectly handling web traffic for authenticated users.
"Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users," a Valve statement reads.
"During the Christmas attack, traffic to the Steam store increased 2000% over the average traffic during the Steam Sale.
 
"In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic.
"During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users.
"Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
 
"Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed.
"The Steam Store remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.
"Store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.
"The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address.
"These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user."
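
The failure class the statement describes, a shared edge cache storing responses generated for logged-in users, is shown here as an added example; it is not Valve's or its caching partner's configuration, which the statement does not publish. The toy origin, the `session=` cookie format, the user names and both policy functions are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Msg:
    """A request (path set) or a response (body set) with its headers."""
    path: str = ""
    body: str = ""
    headers: dict = field(default_factory=dict)

def origin(req):
    """Constructed origin: /account is rendered per user from the session cookie."""
    if req.path == "/account":
        user = req.headers.get("Cookie", "session=anonymous").split("=", 1)[1]
        return Msg(body=f"account page for {user}", headers={"Cache-Control": "private"})
    return Msg(body="store front page", headers={"Cache-Control": "public, max-age=60"})

def cache_everything(req, resp):
    """Weak rule: store every response, regardless of who requested it."""
    return True

def shared_cache_safe(req, resp):
    """Corrected rule: keep personalised traffic out of the shared cache."""
    if "Cookie" in req.headers or "Authorization" in req.headers:
        return False  # request is tied to a session
    if "Set-Cookie" in resp.headers:
        return False  # response establishes a session
    directives = {d.strip().split("=")[0].lower()
                  for d in resp.headers.get("Cache-Control", "").split(",")}
    return not directives & {"private", "no-store"}

class EdgeCache:
    def __init__(self, may_store):
        self.may_store = may_store
        self.store = {}  # keyed by path only, so all users share one entry

    def fetch(self, req):
        if req.path in self.store:
            return self.store[req.path].body
        resp = origin(req)
        if self.may_store(req, resp):
            self.store[req.path] = resp
        return resp.body

def second_visitor_sees(may_store, path="/account"):
    """alice loads the page first; return what bob is served afterwards."""
    edge = EdgeCache(may_store)
    edge.fetch(Msg(path=path, headers={"Cookie": "session=alice"}))
    return edge.fetch(Msg(path=path, headers={"Cookie": "session=bob"}))

if __name__ == "__main__":
    print("cache_everything :", second_visitor_sees(cache_everything))
    print("shared_cache_safe:", second_visitor_sees(shared_cache_safe))
```

Under the weak rule the second visitor is served the first visitor's account page from the cache; under the corrected rule the request reaches the origin and the anonymous front page remains cacheable.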
