Here are some basic facts that I've gathered in my own personal panic as I firmly believed that my Steam library was about to be decimated by strangers:
1.) On Christmas day around noon-ish PDT some users reported that when clicking on items on the store or community pages that Steam was re-directing them to the account details page of other random users. They were able to do this through the Steam dekstop/mobile clients as well as through browsers. According to Steam the issue lasted for less than an hour.
2.) There's a chance that information such as your Steam wallet funds, e-mail address, partial phone number (last 4 digits), address, and last 2 digits of your credit card number (or PayPal info, but I don't use PayPal) were visible.
3.) I have read conflicting reports about what people were actually able to do on the random account details page. Some people reported that when they tried to click on something on the random pages that they were simply re-directed to another random account detail page. Others reported that they were actually able to change information (like phone numbers) on the account page. Steam has reported that there hasn't been any unauthorized account actions.
4.) Steam is saying that they weren't hacked or DDoS'd and all the shenanigans were caused by a "caching issue." It's probably North Korea...trying to steal our hot winter gaming deals.
Frustratingly, information from Valve/Steam has been trickling out. The timing of this whole event has been horrid--right in the middle of a major holiday, right in the middle of a huge sale event, and right in the middle of people enjoying their vacations. I only learned of it from browsing my Facebook newsfeed and seeing a panic-y article from Kotaku. Hopefully after the holidays are over we will hear more. Steam isn't known for their stellar customer service and any discussions related to the "event" in the Steam community were quickly quashed by moderators. Some people were trying to spend gift cards or were in the middle of purchasing something when the problems started. I hope those people don't lose their funds and are able to recover anything they might have lost in the fiasco.
I suppose the moral of this whole situation is that extra security goes a long way. Although I initially was worried about the possibility of anything untoward happening to my Steam account (or personal info!), I felt reassured by the fact that I have enabled two factor authentication. I would highly encourage others to do the same thing. You don't need a Smartphone and can have authentication codes sent via e-mail. It's another step to take when logging in, but in situations like this it is well worth the very minor added step.
Just to be safe I would keep an eye on my credit card/PayPal transactions. There still isn't much information about the scope of the issue and how many accounts were actually exposed.
UPDATE 12/30/15:
Valve finally released an official statement about what happened. It's not glaring on the front page of Steam, but it's reassuring that they finally spoke up (read it here). 34,000 accounts might have been exposed. That seems like a relatively small number when compared to the 125 million estimated Steam accounts. I haven't had many problems with Steam before or after this issue, but some users have complained about difficulties with many different aspects of the service during the holiday sale. I'm still going to be watching my credit card statements like a hawk.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.