Steam misconfiguration causes leak of personal data

Some sort of glitch has caused Steam, one of the largest online gaming platforms, to expose private user information.

From what has been reported, it sounds like users who tried to logon on Christmas Day discovered that they were seeing the Account information of other users.  This means that users were able to access other people’s game libraries, and were able to see sensitive information including names, home addresses, email addresses, purchase history, Paypal account information, and even partial credit card numbers.

“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour,” Doug Lombardi, Steam’s parent company Valve’s vice president of marketing, said in an email statement on Friday. “This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”

Many users took to Twitter to complain about the issue, and by all accounts, Steam and Valve have kind of left those users hanging when it comes to answers.  In fact, another account known as Steam DB, which is in no way affiliated with Steam and Valve, seems to be the best place to get information at the moment.

Steam was recently in the headlines when they announced that they would be cracking down on theft in Steam Trading. Account hijacking can be incredibly lucrative, with some attackers pulling in thousands of cash dollars trading away other people’s goods. Steam Trading is used to trade in-game items, games and virtual cards.  Steam did not want to take the items away from the innocent users that had purchased them from thieves, so they duplicated stolen items and gave them to the aggrieved parties.  The problem is that this devalues the items, since there are now more of them to be had.  Steam is still trying to work out the kinks in this system.

 

For information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.

 

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *