Steam collapses on Christmas, Allows Access to Other User’s Accounts

Update 22.30 GMT: 

Valve has spoken and confirmed that this error is not the result of a hack and are fixing on solving the issue.

SteamDB have also produced an article explaining what is likely to have happened with regards to Steam caching which is believed to be behind users seeing other people’s accounts. You can read this article here.

 

UPDATE 22.00 GMT: Valve has now shut down the Steam Store as well as blocked access to Community Features in an attempt to limit the spread of personal information which has been available.

Original Story: If you were banking on cashing in your Steam Giftcard or treating yourself to some new games during the Steam Winter Sale today, you would have been very disappointed to find that the Steam Store has been offline for the majority of the day.

To begin with, it appears that Steam was hit by a DDOS attack which first took down the store, before moving on to impact other areas of the Steam infrastructure. This wouldn’t have been too much of an issue, more of an inconvenience really. However as the day has progressed, people have begun to notice some very strange, and alarming issues with Steam.

Numerous people have reported being able to access another users details via Account Information from within the client. I can confirm this as I have also been able to see details of other users, including their email addresses, balance, purchase history as well as any payment methods. The Steam Store, if you can access it, will also display as if it was that being accessed by another user, meaning you are logged-in to someone else’s account. For example, the language will change with Russian being the most popular one to stumble across, along with seeing other peoples friends on the store.

However if you try to change any information of another user under “Account Details”, Steam will send you on a loop back to the Account section, sometimes with a new user so it seems that so far, your details aren’t able to be changed and modified. Also, if you have any funds in your wallet, I haven’t been able to find any confirmation that other users can spend that money, with again Steam looping it back round when an action is attempted to be performed on an account which is not your own.

An official Valve moderator on the Steam subreddit stated that Valve are aware of the issues and are working to fix it as we speak.

Your first instinct in these kind of circumstances would be to change your password and remove or unlink your payment options. However Steam are advising strongly against doing that as well as visiting any Steam Community or Steam Store URL’s, both from browsers and from within the Steam client.

If you know you’re already logged in, do NOT visit any Steam Community or Steam Store URL.

This includes any internet browsers and the Steam Desktop/Mobile Client!

Do NOT unlink PayPal, do NOT remove credit card info. You aren’t protecting yourself and risking others from accessing your information.

It is unclear what exactly is behind these recent issues with Steam and whether or not it is an internal error and therefore unfortunate that it has coincided with the threats from hackers, or if this is the result of the attacks launched on Steam earlier on Christmas day.

The SteamDB Twitter account though has claimed that it is due to an error with the way Steam is currently caching things and advises not to access the Steam store.

If you are concerned about your account security, chances are that nothing has been changed with your account and everything will be returned as it was, although we recommend changing the password of any other sites which use the same password as your Steam account, as well as changing your Steam password as soon as Valve announce the issue resolved. Do not change your password before.

In short, don’t use Steam at all, and if you do use Steam, only use it to play games. Do not visit any Steam URLs from the client, such as your Profile, the Steam Store and Community Hubs.

*This story will be updated with any further development

 

 

Related posts

Beyond Galaxyland Review

Call of Duty: Black Ops 6 Review

Red Dead Redemption Review (PC)