Updated at 6:30 p.m. Pacific time: Steam is back up and running.
PC gaming’s biggest online store experienced serious glitches earlier today.
Steam went down during the Christmas holiday. Gamers on Twitter reported issues getting onto the download service. But that was not Steam’s biggest issue. Bugs caused gamers to randomly get access to other customer’s account information (along with a glitch that changes the language of Steam). To get an idea of what is happening, I went to the Steam Client, cliecked my username at the top right, and selected “Account Details.” I saw someone else’s name and email address. After refreshing, I saw someone else’s info.
We reached out to Valve, and the company provided GamesBeat with the following statement after bringing Steam back online.
“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
Players on gaming forums like NeoGAF reported that checking their account gave them access to email addresses and other personal info that doesn’t belong to them. Additionally, some players are said that they have money in their Steam Wallet account that they didn’t before.
A NeoGAF member posted the following example of what you might see with the affected user’s email address blocked out:
The person whose account I currently have access to has around $26 in their Steam Wallet. I don’t want to test out what will happen, but others are claimed that you cannot actually conduct a transaction on Steam at the moment.
The Steam Database Twitter account — which is not affiliated with Valve — explained some more of what happened.
By the way, this is not a security breach. This is page caching gone rogue. Most likely not respecting Cache-Control headers.
— Steam Database (@SteamDB) December 25, 2015