On Christmas Day, a lot of Steam users received an unwelcome and alarming surprise. Upon logging onto their accounts—or trying to—they found themselves looking at someone else’s details.
The issue was first reported on Twitter, and it appears to have affected a large number of customers. Users say that they saw the site in a different language and that they saw details belonging to other users. This included email addresses, account balances, and currencies, as well as previous purchases, the last two digits of credit card numbers, and PP accounts. You can read more details here.
Some users were told they needed to uninstall and reinstall Steam in order to get everything back in working order. Many reported that this didn’t work.
This is obviously a major breach since it allows customers to access personal information which does not belong to them. According to Steam, it was likely the result of “page caching gone rogue.” Thankfully it doesn’t seem to have resulted in anything worse. Valve released the following official statement concerning the incident:
We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.
In other words, some other person may have seen the details in your account, but they were not able to purchase games using your credit card or PayPal account. That’s good news … but still, this is a pretty major screw-up by Valve, and it was enough of a breach that many users feel violated and hugely inconvenienced. If there are any updates on this story, we’ll be sure to let you know!