First  Prev  1  2  Next  Last
Steam just committed Seppuku. Steam Goes Nuts, Offers Access To Other People's Accounts
Posted 12/25/15 , edited 12/25/15
Steam faced something of a catastrophe this afternoon, giving players across the world access to the personal information in other people’s accounts. It’s not yet clear how this happened, but it’s a doozy. Call it the Steam Winter Fail.

Various players across the world logged into their Steam clients today to find that their homepage displaying Russian or another random language. When they checked the “account info” section of Steam, the digital store showed them another user’s account, complete with e-mail addresses, buying history, and other private information. Merry Christmas!

UPDATE (4:30pm): Valve has shut down the Steam store, presumably until they fix this problem.

Original article follows:

Going to Steam’s website would also grant you access to a random user’s account. Based on some rudimentary testing I did this afternoon on my own Steam client, it seemed like trying to view purchase histories and licenses would give you access to other random accounts as well.

The account that my client accessed was using Steam Guard, the tool Valve provides to help prevent unauthorized account access. So clearly that hasn’t helped.

We’ve reached out to Valve for more information and will keep updating you guys as we learn more.

I hate using KOTAKU. http://kotaku.com/steam-goes-nuts-offers-access-to-other-peoples-account-1749718979

Steam Is Randomly Logging Users Into Other People's Accounts And Exposing Their Information.

Some sort of breach or malfunction has hit Steam, the world’s largest PC gaming platform, that is allowing people access to other people’s user accounts. Not just allowing, rather, but forcing users into accounts that aren’t theirs.

That means not only access to other people’s game libraries, but more seriously, potentially harmful information like home addresses, purchase history and even credit card information.

Twitter TWTR +0.00% is exploding with reports of this glitch, and the exact details are still being sorted out. Some users are getting a Russian or French or Spanish landing page instead of English. Some are reporting that they’re being logged into only one of a few different accounts whenever they try to sign in, or even simply refreshing the account page or going to a different section of the client.

It’s tough to know what to do in a situation like this, but the safest thing may be not to do anything at all. It’s unclear what exactly is going on, so staying logged out entirely is probably a good idea. With that said, others are trying to reach their own account in order to delete their payment information from Steam so in case their account is exposed, they’re safe from potential thievery. The prevailing advice at this point, however, is simply avoid trying to log in or change anything at all until we know more.
As of this moment, we have no official word about any of this from Valve (though I and I assume every other outlet out there are trying to reach them for comment), and the official Steam Support Twitter hasn’t made a peep since all this began this afternoon.

Valve needs to take immediate action and bring Steam down entirely. This breach is far beyond an attack that would knock a service offline, as it’s granting easy and immediate access to deeply sensitive information regarding an unknown number of users. Because of past attacks on services like Xbox Live and PSN on Christmas, the timing of this is more than little suspicious, though right now we don’t know if this is a technical issue or a specific malicious attack.
Stay tuned here for more information, and I will update either at the bottom of this post, or via my Twitter account, depending on my location.

For now, I would advise against trying to log in at all, and would say to keep an eye on whatever card you have linked to Steam. Hopefully Valve will make a public statement soon about actions users should or should not take, or a way to check if your information was breached.

Update (4:32 PM): Valve has shut down the Steam store and community sites as a reaction to the breach.

Update (4:51 PM): Apparently earlier today hacking group SkidNP launched a DDoS attack on Steam, something they previously promised to do over Christmas. It is not clear if that attack is related to what’s happening currently with Steam. It seems unlikely a DDoS attack could produce what we’re seeing here, but it is possible the attack was more malicious than it initially appeared, or that this is a technical problem that cropped up in the wake of the attack. We are still waiting to hear from Valve directly about the cause of this.

I asked security expert Troy Hunt (of HaveIBeenPwned.com) about a possible connection.

“[They're] quite possibly related,” he said. ”We’ve seen other cases in the past where environments under high load have had session management problems and assigned one person’s identity to someone else. It would be enormously coincidental to have both these issues occur at the same time and not be related.”
http://www.forbes.com/sites/insertcoin/2015/12/25/steam-is-randomly-logging-users-into-other-peoples-accounts-and-exposing-their-information/

Well you guys you better star checking your credit cards.
1150 cr points
Send Message: Send PM GB Post
16 / M
Offline
Posted 12/25/15
you do realize they can't buy anything or do anything, it's just a bug in caching servers.
Posted 12/25/15

Radraymond01 wrote:

you do realize they can't buy anything or do anything, it's just a bug in caching servers.


Hackers only need minimal info to fuck you over.

Werina 
206753 cr points
Send Message: Send PM GB Post
Offline
Posted 12/25/15 , edited 12/25/15
Oh steam for thee almighty


if anyone gets the account gaben69, its me
8524 cr points
Send Message: Send PM GB Post
14 / M
Offline
Posted 12/25/15
I wonder if steam is still gonna be used after its back up or is this the end of steam hm...
21057 cr points
Send Message: Send PM GB Post
Offline
Posted 12/25/15
Oh my... Can't be good and the potential phishing emails going out after the incident is really doing to be hurtful...
39080 cr points
Send Message: Send PM GB Post
26 / M / Your friendly nei...
Offline
Posted 12/25/15
Whoopsie
1150 cr points
Send Message: Send PM GB Post
16 / M
Offline
Posted 12/25/15

KarenAraragi wrote:


Radraymond01 wrote:

you do realize they can't buy anything or do anything, it's just a bug in caching servers.


Hackers only need minimal info to fuck you over.



It's not consistent enough to be useful. If you're switching accounts every page and and the best you can get is the last 4 digits from a credit card and you don't even know the name of the person, then there is not much you can do.
Posted 12/25/15 , edited 12/25/15

Radraymond01 wrote:


KarenAraragi wrote:


Radraymond01 wrote:

you do realize they can't buy anything or do anything, it's just a bug in caching servers.


Hackers only need minimal info to fuck you over.



It's not consistent enough to be useful. If you're switching accounts every page and and the best you can get is the last 4 digits from a credit card and you don't even know the name of the person, then there is not much you can do.


YOU ARE UNDERESTIMATING HAKERS.

Edit. Your personal information can be use in other ways. Especially the last 4 numbers of your credit card. For identity theft and such things. While you may be OK in many areas. Doesn't mean you are safe or your information wouldn't be use in a lot of illegals things. I will still insisted in checking your credit card account and changing it. Just to be safe. Better safe than sorry.
Posted 12/25/15
sounds frightening.
145761 cr points
Send Message: Send PM GB Post
26 / F / Overlord's Castle
Offline
Posted 12/25/15 , edited 12/25/15
This is why I prefer to buy my games/ have physical copies.
13626 cr points
Send Message: Send PM GB Post
21 / Australia
Offline
Posted 12/25/15 , edited 12/25/15

Radraymond01 wrote:


KarenAraragi wrote:


Radraymond01 wrote:

you do realize they can't buy anything or do anything, it's just a bug in caching servers.


Hackers only need minimal info to fuck you over.



It's not consistent enough to be useful. If you're switching accounts every page and and the best you can get is the last 4 digits from a credit card and you don't even know the name of the person, then there is not much you can do.


They could put your email on a spam list I guess.

Edit: It's also possible that you've put your phone number on steam so that could be a pain in the ass.
3349 cr points
Send Message: Send PM GB Post
16 / M / Ente Isla
Offline
Posted 12/25/15 , edited 12/25/15

KarenAraragi wrote:

Update (4:51 PM): Apparently earlier today hacking group SkidNP launched a DDoS attack on Steam, something they previously promised to do over Christmas. It is not clear if that attack is related to what’s happening currently with Steam. It seems unlikely a DDoS attack could produce what we’re seeing here, but it is possible the attack was more malicious than it initially appeared, or that this is a technical problem that cropped up in the wake of the attack. We are still waiting to hear from Valve directly about the cause of this.


I was wondering why the store was running so slow earlier in the day.

Anyway, I don't have anything to worry about. No credit card information is on my account, nor is there any information about my identity or location present on it. That's not the case for everyone though. My condolences go out to those who have had their information accessed and I sincerely hope that it doesn't negatively impact them in the future.

If you guys are interested, Totalbiscuit gave a good rundown of the situation.

21057 cr points
Send Message: Send PM GB Post
Offline
Posted 12/25/15
Apparently some people are reporting that they've lost money due to payment cards... Not sure, if they are fraudulent or not but this is not looking good. >--->

(So long for just 'caching' ... Maybe I should stop hanging out in 4chan /v/ now... getting worried)
1150 cr points
Send Message: Send PM GB Post
16 / M
Offline
Posted 12/25/15

conikettu wrote:

Apparently some people are reporting that they've lost money due to payment cards... Not sure, if they are fraudulent or not but this is not looking good. >--->

(So long for just 'caching' ... Maybe I should stop hanging out in 4chan /v/ now... getting worried)

If so, then steam has somehow managed to fuck their infrastructure over in ways that are unimaginable.

First  Prev  1  2  Next  Last
You must be logged in to post.