Join gaming leaders online at GamesBeat Summit Next this upcoming November 9-10. Learn more about what comes next. 


Steam, the online gaming platform and community from Valve, seems to have fixed a security issue today that allowed anyone to easily get information about games played, achievements, and stats from a private profile.

Kyle Orland of Ars Technica reports that he found the hole while poking around his own Steam profile. He found that you could manipulate the HTML address to unearth a number of different “private” pages associated with his profile, as well as find games he’d played in the page’s source code. According to Orland, he was able to “independently confirm” that this did not just affect his profile but others as well.

People in general should be concerned about these kinds of privacy snafus — not just gamers. Like most things on the Internet, what you believe to be personal or shared just with friends often appears in unexpected places. Thankfully, the information exposed in Steam’s case didn’t include highly sensitive data such as credit card numbers or home addresses. But it’s likely just as annoying as having a Facebook photo leaked.


Three top investment pros open up about what it takes to get your video game funded.

Watch On Demand

Orland first tried to find a private user’s (which happened to be his own profile) list of games played by typing in “/games/?tab=all” after the profile’s URL. That didn’t work and instead brought him back to the private profile page. So he inspected the source code associated with the page, and there, in plain text, was the list he’d been looking for.

After identifying the games, he played with the HTML a little more, choosing to search for achievements in the game Portal 2. He added “stats/Portal2/?tab=achievements” to the end of the URL and was immediately taken to the Portal 2 achievements page associated with that profile.

Using the same method, he found the player’s stats for specific games, as well as badges. Orland noted that an observant snooper could find the times that person was playing a game, if their profile was connected to Facebook, and when the profile was created.

As is courteous and traditional, Orland reported the hole to Steam before going public with his information. The holes have seemingly been fixed, but Valve has not responded to the bug report.

Steam image via Shutterstock


GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. How will you do that? Membership includes access to:
  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and "open office" events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties
Become a member