Valve Releases Official Statement About Steam Caching Issue


You may remember that Steam was DDoS'd on Christmas morning. As a result of this attack, Valve's digital storefront began incorrectly relaying cached information, exposing users' personal information—such as billing addresses—to other users during checkout. Considering the time of year and the sale, the results could have potentially been disastrous.

At the time, SteamDB recommended that users stay off the Steam store until the issue was sorted out, on the belief that not visiting the store would keep you out of harm's way. No one ever confirmed whether or not you could, in fact, complete purchases made with erroneously retrieved details, and it was better to be safe than sorry.

Today, Valve released an official statement on the matter. They confirmed that it would not be possible to "[complete] a full transaction as another user." The information displayed was limited to "a Steam user's billing address, the last four digits of their Steam Guard phone number, their purchase history, the last two digits of their credit card number, and/or their email address." Credit card numbers and passwords, specifically, remained hidden. They then go on to say the following, clarifying SteamDB's prior theory.

"If you did not browse a Steam Store page with your personal information (such as your account page or a checkout page) in this time frame, that information could not have been shown to another user."

Supposedly, the root cause of this issue was a 2000% increase in traffic beyond "average traffic during the Steam Sale." During this particular increase, "caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate traffic." A second set of rules was deployed when the DDoS's second wave occurred. This second set of rules caused the erroneous display of information. As soon as Valve identified the configuration issue, they shut the Steam store down and moved to a new configuration. In the future, they will "work with [their] web caching partner to identify affected users" and improve these caching rules.
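
The statement does not describe the rules that were actually deployed, so the following is an added illustration, not Valve's or its caching partner's configuration. It models a shared cache keyed on the URL alone and shows why only pages a user actually opened during the window could reach someone else, next to a rule that bypasses the cache for personalized pages. The paths, session names and class names are assumptions made for the example.

```python
# Constructed model of a shared edge cache in front of a store origin.
# The rules, paths and session names are assumptions; the statement does
# not describe the rules that were deployed.
PERSONAL_PATHS = ("/account", "/checkout")    # hypothetical personalized pages

def origin(path, session):
    """Origin server: personalized pages depend on the caller's session."""
    if path.startswith(PERSONAL_PATHS):
        return f"{path} for {session}"
    return f"{path} (public)"

class EdgeCache:
    def __init__(self, cache_personal):
        self.cache_personal = cache_personal  # True models the faulty rule set
        self.store = {}

    def get(self, path, session):
        personal = path.startswith(PERSONAL_PATHS)
        if personal and not self.cache_personal:
            return origin(path, session)      # bypass: never stored, never shared
        if path not in self.store:            # cache key is the URL only
            self.store[path] = origin(path, session)
        return self.store[path]

def leaked(cache, requests):
    """Return (viewer, path, owner) for each response that carried another
    session's personalized page."""
    out = []
    for session, path in requests:
        body = cache.get(path, session)
        if " for " in body:
            owner = body.rsplit(" for ", 1)[1]
            if owner != session:
                out.append((session, path, owner))
    return out

# Constructed traffic during the window: alice opens her account page,
# bob only browses a public page, carol requests the same URLs afterwards.
TRAFFIC = [("alice", "/account"), ("bob", "/app/440"),
           ("carol", "/account"), ("carol", "/app/440"), ("carol", "/checkout")]

if __name__ == "__main__":
    print("faulty rules:", leaked(EdgeCache(cache_personal=True), TRAFFIC))
    print("with bypass :", leaked(EdgeCache(cache_personal=False), TRAFFIC))
```

In the faulty case carol receives alice's cached account page, while bob, who never opened a personalized page, has nothing in the cache to expose.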

How do you feel about this statement?