Steam is compromised, but you can still save money this Holiday

So apparently steam is having some major issues, not confirmed if it is a hack yet. Store is completely disabled, all market trading is suspended. If you seem to be logged in as someone else, don’t panic, it is happening to everyone.

I doubt changing password would help at this point, but you can try. Keep an eye on your credit / debit card linked to your steam (even paypal for that matter).

In the meantime you can still buy games and steam keys from 3rd party re-sellers. Greenmangaming and Humble Bundle Store are just a few example.

Here are two website I use frequently to find good deals
https://isthereanydeal.com/ (advance)
http://www.cheapshark.com/ (simple)

===================================================================
EDIT: Thanks to @Nicorani for pointing to SteamDB Twitter.




New info thanks to Reddit.
It’s a problem with their caching-server (varnish), caching pages that should not be cached (such as Account-Details, Cart, etc.). It invalidates after some time and is re-cached when the next user visits the page with their profile. You are not actually logged in (as in, you take over the session of the user), you just see pages rendered for others than yourself. This is why different parts of steam appear as different users.

Which page you see is probably dependent on the edge node (first server you connect to) closest to you, hence why different users see different profiles.

My guess to how this could’ve happened is that an untested configuration got activated when steam went down earlier, e.g. due to an auto-conf service (puppet, chef) pulling an untested config or some of their live servers being replaced by staging / development servers. It’s also possible that they were under heavy load and the engineer on duty reconfigured all their edge nodes to cache more aggressively.

Let’s hope they fix this fast, because this is a major data leak. I can see private E-Mail and account names. Let’s hope their cache server is not delivering internal pages.

Credit to: /u/mrallon

======================================

Final Update: Steam is working fine now, Valve fubar their server caching, no hacks but a big data leak. (People’s email, phone number and last 4 digit of their CC).

======================================

Official Statement by Valve

“Steam is back up and running without any known issues,” a Valve spokesperson told GameSpot. “As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”

2 Likes

Aaaaaah!

Awkward… fortunately I only use gift cards to put funds on my Steam wallet, so if they get my account, the liability is limited. I rarely ever look at the Steam store, but I was actually in the process of adding Black Mesa and Wolfenstein The New Order to my cart when it got funny. Thanks for the heads up!

One question. (And this may sound off topic.) Can I still use Steam via the offline mode?

Offline mode should be fine.

As of the time of this post steam seem to be normal now and people are able to see their account. Do what you want with this info, I am avoiding steam for a few more hours just to be safe.

1 Like

Thanks for the info, Abvex. I thought about getting Half Life 2, but I’m glad I haven’t yet.

[quote=“Gulfwulf, post:6, topic:1142015”]I thought about getting Half Life 2, but I’m glad I haven’t yet.[/quote]So what I hear you saying is that you haven’t yet played this game (and presumbaly the subsequent episodes)? :no_mouth:

1 Like

Yeah this thread took a dark new turn, forget caching…whats this about someone not playing Half Life 2.

1 Like

Dude…Half Life 2 is life. Play it.
I bet you haven’t even played Portal .