Valve Releases Official Statement About Steam Caching Issue

You may remember that Steam was DDoS'd on Christmas morning. As a result of this attack, Valve's digital storefront began incorrectly relaying cached information, exposing users' personal information—such as billing addresses—to other users during checkout. Considering the time of year and the sale, the results could have potentially been disastrous.

It was recommended by SteamDB at the time that users stay off of the Steam store until the issue was sorted out. It was believed that not visiting the store would keep you out of harm's way. No one ever confirmed whether or not you could, in fact, complete purchases made with erroneously retrieved details, and it was better to be safe than sorry.

Today, Valve released an official statement on the matter. They confirmed that it would not be possible to "[complete] a full transaction as another user." The information displayed was limited to "a Steam user's billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address." Credit card numbers and user passwords, specifically, remained hidden. They then go on to say the following, clarifying SteamDB's prior theory:

If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user.

Supposedly, the root cause of this issue was a 2000% increase in traffic beyond "average traffic during the Steam Sale." During this particular increase, "caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic." A second set of rules was deployed when the second wave of the DDoS occurred. This second set of rules caused the erroneous display of information. As soon as Valve identified the configuration issue, they shut the Steam store down and moved to a new configuration. In the future, they will "work with [their] web caching partner to identify affected users" and improve these caching rules.

How do you feel about this statement?