Steam, the online gaming platform and community from Valve, seems to have fixed a security issue today that allowed anyone to easily get information about games played, achievements, and stats from a private profile.

Kyle Orland of Ars Technica reports that he found the hole while poking around his own Steam profile. He found that you could manipulate the HTML address to unearth a number of different “private” pages associated with his profile, as well as find games he’d played in the page’s source code. According to Orland, he was able to “independently confirm” that this did not just affect his profile but others as well.

People in general should be concerned about these kinds of privacy snafus — not just gamers. Like most things on the Internet, what you believe to be personal or shared just with friends often appears in unexpected places. Thankfully, the information exposed in Steam’s case didn’t include highly sensitive data such as credit card numbers or home addresses. But it’s likely just as annoying as having a Facebook photo leaked.

Orland first tried to find a private user’s (which happened to be his own profile) list of games played by typing in “/games/?tab=all” after the profile’s URL. That didn’t work and instead brought him back to the private profile page. So he inspected the source code associated with the page, and there, in plain text, was the list he’d been looking for.

After identifying the games, he played with the HTML a little more, choosing to search for achievements in the game Portal 2. He added “stats/Portal2/?tab=achievements” to the end of the URL and was immediately taken to the Portal 2 achievements page associated with that profile.

Using the same method, he found the player’s stats for specific games, as well as badges. Orland noted that an observant snooper could find the times that person was playing a game, if their profile was connected to Facebook, and when the profile was created.

As is courteous and traditional, Orland reported the hole to Steam before going public with his information. The holes have seemingly been fixed, but Valve has not responded to the bug report.

Steam image via Shutterstock

An Egyptian hacker claims to have broken into Adobe’s systems today, posting data for 150,000 people’s accounts. The reason? The hacker wants Adobe to pay more attention to reported vulnerabilities.

The hacker, known as Hima, says Adobe is too slow to respond to bug reports and that’s why it deserved to be hacked. Hima claims it takes five to seven days for Adobe to acknowledge a bug submission and three to four months for it to actually fix the problems. In the end, the hacker released 150,000 email addresses and passwords. These include Adobe employees, but also customers and partners, which may include members of the U.S. Military, Google, and NASA, according to the announcement Hima placed on Pastebin.

The New York Times notes that some of these email credentials are old, citing an employee named Ben Tauber who left the company in 2010, and the records are not in plain text but have been encrypted.

Hima suggests that companies should have security teams more like Google, instead of Microsoft or Yahoo. The hacker then promised a “hot leak” of Yahoo’s data soon to come. The purpose of this hack, according to the Pastebin announcement, was to get Adobe’s attention, not to “ruin Adobe’s business.” Hima promises to expose only email addresses of adobe.com, .mil, and .gov.

We have reached out to Adobe for comment and will update this post when we hear back.

Adobe image via midiman/Flickr