Steam faced something of a catastrophe this afternoon, giving players across the world access to some of the personal information in other people’s accounts. It’s not yet clear how this happened, but it’s a doozy. Call it the Steam Winter Fail.
Various players across the world logged into their Steam clients today to find their homepage displaying Russian or another random language. When they checked the “account info” section of Steam, the digital store showed them another user’s account, complete with e-mail addresses, buying history, and other private information. Merry Christmas!
UPDATE (4:30pm): Valve has shut down the Steam store, presumably until they fix this problem.
UPDATE 2 (6:05pm): Looks like the Steam store is back online. I’ve been able to log in and my information is all correct now. Still no official word from Valve, which is a bit disconcerting. The fan-run SteamDB theorizes that this was “a misconfiguration in one of Valve’s caching layers.”
UPDATE 3 (8:25pm): Valve has finally commented on today’s events, sending a statement to Kotaku this evening:
“Steam is back up and running without any known issues. As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users.”
Original article follows:
Going to Steam’s website would also grant you access to a random user’s account. Based on some rudimentary testing I did this afternoon on my own Steam client, it seemed like trying to view purchase histories and licenses would give you access to other random accounts as well.
The account that my client accessed was using Steam Guard, the tool Valve provides to help prevent unauthorized account access. So clearly that hasn’t helped.
We’ve reached out to Valve for more information and will keep updating you guys as we learn more.
You can reach the author of this post at jason@kotaku.com or on Twitter at @jasonschreier.