Dual Pixels
  • News
  • PlayStation
  • Xbox
  • Nintendo
  • PC
  • TV
  • Originals
  • Review
No Result
View All Result
  • News
  • PlayStation
  • Xbox
  • Nintendo
  • PC
  • TV
  • Originals
  • Review
No Result
View All Result
Dual Pixels
No Result
View All Result
Home News

Valve Addresses Christmas Steam Security Issue

Rob Hernandez by Rob Hernandez
December 30, 2015
in News, PC
0 0
0
Valve Addresses Christmas Steam Security Issue
0
SHARES
1
VIEWS
Share on FacebookShare on Twitter

Christmas day for a lot of folks was about good times with family friends and playing with the presents under the tree, but some got a little more than they bargained. A flaw in how pages are cached on Steam’s servers allowed users to see others’ personal data. Valve said that only limited information was visible and that no unauthorized actions were taken. The full explanation is below.

We’d like to follow up with more information regarding Steam’s troubled Christmas.

What happened

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

How it happened

Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. During the Christmas attack, traffic to the Steam store increased 2000{3a19833c997fa52158a43c449fe089ff048ac0506a335cac10721cfa396ff282} over the average traffic during the Steam Sale.

In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.

Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. The Steam Store remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.

We will continue to work with our web caching partner to identify affected users and to improve the process used to set caching rules going forward. We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.

Source.

Tags: PCsecuritySteamValveWinter Sale
Previous Post

Mass Effect Andromeda Director Leaves Bioware

Next Post

Final Fantasy IX Coming to PC, iOS, Android

Rob Hernandez

Rob Hernandez

Rob's been gaming since he was a wee lad. It all started with a NES, and a Super Mario Bros./Duck Hunt combo cart one Christmas morning. Since then, he's been an avid lover of all things video. He also likes comics, manga, movies, long walks on the beach, candlelit dinners and dogs. Rob is also quite adept at speaking in the third person.

Next Post
Final Fantasy IX Coming to PC, iOS, Android

Final Fantasy IX Coming to PC, iOS, Android

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
Back 4 Blood Gameplay Showcase

Back 4 Blood Gameplay Showcase

December 17, 2020
The King of Fighters XV Meitenkun Trailer

The King of Fighters XV Meitenkun Trailer

January 20, 2021
CD Projekt Red’s Troubling Representation of Trans People In Cyberpunk 2077 Marketing

CD Projekt Red’s Troubling Representation of Trans People In Cyberpunk 2077 Marketing

December 11, 2020
Sheila of Bright Memory

BRIGHT MEMORY IMPRESSIONS (XBOX SERIES X)

November 17, 2020
Update: Nintendo NX Controller Leaked Photo

Update: Nintendo NX Controller Leaked Photo

98
Rumor: Information On Next Gen Pokemon Games, Dubbed “Pokemon Plus” & “Pokemon Minus”

Rumor: Information On Next Gen Pokemon Games, Dubbed “Pokemon Plus” & “Pokemon Minus”

72
Rumor: Next COD Dubbed “Bloodline”, Activision Entangled in Nintendo NX

Rumor: Next COD Dubbed “Bloodline”, Activision Entangled in Nintendo NX

67
Possible Leaked Super Smash Bros. Character Screen Reveals Full Roster

Possible Leaked Super Smash Bros. Character Screen Reveals Full Roster

64
Xbox Live Gold Is Up, Goodwill is Down (update)

Xbox Live Gold Is Up, Goodwill is Down (update)

January 22, 2021
Resident Evil Village Releasing May 7th  + More Details

Resident Evil Village Releasing May 7th + More Details

January 21, 2021
Resident Evil Re:Verse Revealed

Resident Evil Re:Verse Revealed

January 21, 2021
Meet Your Allstars In Sony’s Free February PS Plus Game Destruction AllStars

Meet Your Allstars In Sony’s Free February PS Plus Game Destruction AllStars

January 21, 2021

Recommended

Xbox Live Gold Is Up, Goodwill is Down (update)

Xbox Live Gold Is Up, Goodwill is Down (update)

January 22, 2021
Resident Evil Village Releasing May 7th  + More Details

Resident Evil Village Releasing May 7th + More Details

January 21, 2021
Resident Evil Re:Verse Revealed

Resident Evil Re:Verse Revealed

January 21, 2021
Meet Your Allstars In Sony’s Free February PS Plus Game Destruction AllStars

Meet Your Allstars In Sony’s Free February PS Plus Game Destruction AllStars

January 21, 2021

WHAT IS DUAL PIXELS?

Dual Pixels is more than just an organization, it's a culture. The interactive arts are our passion, this includes gaming and innovations brought forward with technology. The beauty of being an independent organization is the fact that we have the opportunity to bring back the enthusiasm in a gaming industry which is becoming increasingly corporate and stale. The Dual Pixels brand is full of perspective hence the reason why we also go by the appellation "The Digital Crossover".

  • Staff
  • Advertise
  • Privacy & Policy
  • Contact

Copyright ©2021 Dual Pixels a Entertainment LLC, All Rights Reserved. | Powered By LIT NYC

No Result
View All Result
  • News
  • PlayStation
  • Xbox
  • Nintendo
  • PC
  • TV
  • Originals
  • Review

Copyright ©2021 Dual Pixels a Entertainment LLC, All Rights Reserved. | Powered By LIT NYC

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.