Updated at 6:30 p.m. Pacific time: Steam is back up and running.
PC gaming’s biggest online store experienced serious glitches earlier today.
Steam went down during the Christmas holiday. Gamers on Twitter reported issues getting onto the download service. But that was not Steam’s biggest issue. Bugs caused gamers to randomly get access to other customer’s account information (along with a glitch that changes the language of Steam). To get an idea of what is happening, I went to the Steam Client, cliecked my username at the top right, and selected “Account Details.” I saw someone else’s name and email address. After refreshing, I saw someone else’s info.
We reached out to Valve, and the company provided GamesBeat with the following statement after bringing Steam back online.
“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
Players on gaming forums like NeoGAF reported that checking their account gave them access to email addresses and other personal info that doesn’t belong to them. Additionally, some players are said that they have money in their Steam Wallet account that they didn’t before.
A NeoGAF member posted the following example of what you might see with the affected user’s email address blocked out:
The person whose account I currently have access to has around $26 in their Steam Wallet. I don’t want to test out what will happen, but others are claimed that you cannot actually conduct a transaction on Steam at the moment.
The Steam Database Twitter account — which is not affiliated with Valve — explained some more of what happened.
By the way, this is not a security breach. This is page caching gone rogue. Most likely not respecting Cache-Control headers.
— Steam Database (@SteamDB) December 25, 2015
GamesBeatGamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. How will you do that? Membership includes access to:
- Newsletters, such as DeanBeat
- The wonderful, educational, and fun speakers at our events
- Networking opportunities
- Special members-only interviews, chats, and "open office" events with GamesBeat staff
- Chatting with community members, GamesBeat staff, and other guests in our Discord
- And maybe even a fun prize or two
- Introductions to like-minded parties