Dual Pixels
  • News
  • PlayStation
  • Xbox
  • Nintendo
  • PC
  • TV
  • Originals
  • Review
No Result
View All Result
  • News
  • PlayStation
  • Xbox
  • Nintendo
  • PC
  • TV
  • Originals
  • Review
No Result
View All Result
Dual Pixels
No Result
View All Result
Home News

Valve Addresses Christmas Steam Security Issue

Rob Hernandez by Rob Hernandez
December 30, 2015
in News, PC
0 0
0
Valve Addresses Christmas Steam Security Issue
0
SHARES
11
VIEWS
Share on FacebookShare on Twitter

Christmas day for a lot of folks was about good times with family friends and playing with the presents under the tree, but some got a little more than they bargained. A flaw in how pages are cached on Steam’s servers allowed users to see others’ personal data. Valve said that only limited information was visible and that no unauthorized actions were taken. The full explanation is below.

We’d like to follow up with more information regarding Steam’s troubled Christmas.

What happened

On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.

The content of these requests varied by page, but some pages included a Steam user’s billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address. These cached requests did not include full credit card numbers, user passwords, or enough data to allow logging in as or completing a transaction as another user.

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Valve is currently working with our web caching partner to identify users whose information was served to other users, and will be contacting those affected once they have been identified. As no unauthorized actions were allowed on accounts beyond the viewing of cached page information, no additional action is required by users.

How it happened

Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. Attacks against the Steam Store, and Steam in general, are a regular occurrence that Valve handles both directly and with the help of partner companies, and typically do not impact Steam users. During the Christmas attack, traffic to the Steam store increased 2000{3a19833c997fa52158a43c449fe089ff048ac0506a335cac10721cfa396ff282} over the average traffic during the Steam Sale.

In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.

Once this error was identified, the Steam Store was shut down and a new caching configuration was deployed. The Steam Store remained down until we had reviewed all caching configurations, and we received confirmation that the latest configurations had been deployed to all partner servers and that all cached data on edge servers had been purged.

We will continue to work with our web caching partner to identify affected users and to improve the process used to set caching rules going forward. We apologize to everyone whose personal information was exposed by this error, and for interruption of Steam Store service.

Source.

Tags: PCsecuritySteamValveWinter Sale
Previous Post

Mass Effect Andromeda Director Leaves Bioware

Next Post

Final Fantasy IX Coming to PC, iOS, Android

Rob Hernandez

Rob Hernandez

Rob's been gaming since he was a wee lad. It all started with a NES, and a Super Mario Bros./Duck Hunt combo cart one Christmas morning. Since then, he's been an avid lover of all things video. He also likes comics, manga, movies, long walks on the beach, candlelit dinners and dogs. Rob is also quite adept at speaking in the third person.

Next Post
Final Fantasy IX Coming to PC, iOS, Android

Final Fantasy IX Coming to PC, iOS, Android

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
Why the Steam Deck Hurts PS5, XBOX More than Switch

Why the Steam Deck Hurts PS5, XBOX More than Switch

July 15, 2021
Ultimate Marvel vs. Capcom 3 Lives Again Thanks to Mods

Ultimate Marvel vs. Capcom 3 Lives Again Thanks to Mods

January 23, 2022
Back 4 Blood Gameplay Showcase

Back 4 Blood Gameplay Showcase

December 17, 2020
Joey Ansah (Akuma) & Mike Moh (Ryu) Interviews and Behind-The-Scenes | Street Fighter Assassin’s Fist

Joey Ansah (Akuma) & Mike Moh (Ryu) Interviews and Behind-The-Scenes | Street Fighter Assassin’s Fist

May 23, 2014
Update: Nintendo NX Controller Leaked Photo

Update: Nintendo NX Controller Leaked Photo

98
Rumor: Information On Next Gen Pokemon Games, Dubbed “Pokemon Plus” & “Pokemon Minus”

Rumor: Information On Next Gen Pokemon Games, Dubbed “Pokemon Plus” & “Pokemon Minus”

72
Rumor: Next COD Dubbed “Bloodline”, Activision Entangled in Nintendo NX

Rumor: Next COD Dubbed “Bloodline”, Activision Entangled in Nintendo NX

67
Possible Leaked Super Smash Bros. Character Screen Reveals Full Roster

Possible Leaked Super Smash Bros. Character Screen Reveals Full Roster

64
The Last of Us Episode 1. Nico Parker and Pedro Pascal

The Last of Us Episode 1 Review

February 2, 2023
Hexware #1 cover with Jesminder/Which-Where with a pentagram on fire.

Comic Read of The Week: Hexware #1 | 12/7/22

December 20, 2022
Diablo IV title card.

Diablo IV Release Date Trailer – The Game Awards 2022

December 8, 2022
Dune characters looking out over Arrakis shaped like a crescent moon.

Dune: Awakening Teaser from The Game Awards 2022

December 8, 2022

Recommended

The Last of Us Episode 1. Nico Parker and Pedro Pascal

The Last of Us Episode 1 Review

February 2, 2023
Hexware #1 cover with Jesminder/Which-Where with a pentagram on fire.

Comic Read of The Week: Hexware #1 | 12/7/22

December 20, 2022
Diablo IV title card.

Diablo IV Release Date Trailer – The Game Awards 2022

December 8, 2022
Dune characters looking out over Arrakis shaped like a crescent moon.

Dune: Awakening Teaser from The Game Awards 2022

December 8, 2022

WHAT IS DUAL PIXELS?

Dual Pixels is more than just an organization, it's a culture. The interactive arts are our passion, this includes gaming and innovations brought forward with technology.

The beauty of being an independent organization is the fact that we have the opportunity to bring back the enthusiasm in a gaming industry. The Dual Pixels brand is full of perspective hence the reason why we also go by the appellation "The Digital Crossover".

  • Staff
  • Advertise
  • Privacy & Policy
  • Contact

Copyright ©2023 Dual Pixels Entertainment LLC, All Rights Reserved. | Powered By LIT NYC

No Result
View All Result
  • News
  • PlayStation
  • Xbox
  • Nintendo
  • PC
  • TV
  • Originals
  • Review

Copyright ©2023 Dual Pixels Entertainment LLC, All Rights Reserved. | Powered By LIT NYC

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.