So apparently steam is having some major issues, not confirmed if it is a hack yet. Store is completely disabled, all market trading is suspended. If you seem to be logged in as someone else, don’t panic, it is happening to everyone.
I doubt changing password would help at this point, but you can try. Keep an eye on your credit / debit card linked to your steam (even paypal for that matter).
In the meantime you can still buy games and steam keys from 3rd party re-sellers. Greenmangaming and Humble Bundle Store are just a few example.
EDIT: Thanks to @Nicorani for pointing to SteamDB Twitter.
New info thanks to Reddit.
It’s a problem with their caching-server (varnish), caching pages that should not be cached (such as Account-Details, Cart, etc.). It invalidates after some time and is re-cached when the next user visits the page with their profile. You are not actually logged in (as in, you take over the session of the user), you just see pages rendered for others than yourself. This is why different parts of steam appear as different users.
Which page you see is probably dependent on the edge node (first server you connect to) closest to you, hence why different users see different profiles.
My guess to how this could’ve happened is that an untested configuration got activated when steam went down earlier, e.g. due to an auto-conf service (puppet, chef) pulling an untested config or some of their live servers being replaced by staging / development servers. It’s also possible that they were under heavy load and the engineer on duty reconfigured all their edge nodes to cache more aggressively.
Let’s hope they fix this fast, because this is a major data leak. I can see private E-Mail and account names. Let’s hope their cache server is not delivering internal pages.
Credit to: /u/mrallon
Final Update: Steam is working fine now, Valve fubar their server caching, no hacks but a big data leak. (People’s email, phone number and last 4 digit of their CC).
Official Statement by Valve
“Steam is back up and running without any known issues,” a Valve spokesperson told GameSpot. “As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”