PSA - DO NOT TOUCH STEAM RIGHT NOW

Discussion in 'Gaming' started by xHaro_Der, Dec 25, 2015.

  1. Users are reporting being able to access the information of other users on Steam currently - usually from Asia but some from US/UK/EU.

    This is the result of a failure in the caching system used by Valve to spread load on their infrastructure.

    Do not use Steam at all right now, don't even go to the website or risk having sensitive information (including your credit card) compromised.

    I anticipate that this very issue is going to be flagged as a major data breach once it's over. Everybody is suggesting that Valve kill their servers until his is resolved (an incredibly wise idea) but no word has returned from Valve - people are assuming all of their staff is on Christmas break.



    An explanation of how the breach works:

    When a user requests to load the "store" page, Steam will notice that he's from the UK and so they give him the same page (called a cache) of another person from the UK. This, in practice, is harmless and helps the server load.

    However, instead of it only caching insensitive data, it's caching all data and serving it to the next person instead of the person that's supposed to get it.

    For example:

    Bob loads his account settings page.

    Steam is caching his own information to send him, so that he can see his account settings.

    Bob was the 14th person in the cycle to ask Steam for their account settings.

    In theory, Steam should prepare the page and send it to requester 14, being Bob. He can now do as he wishes on his settings.

    What's happening now, is that Steam is preparing Bob's account settings and instead of sending it to his request, it's sending it to the next in line (being #1).

    In the end, requester #1 gets Bob's information and the next person will get requester #1's information.

    This manifests as a complete jumble of wrong information being sent to the wrong people.
    TromboneSteve, _Ulti, Olaf_C and 2 others like this.
  2. Would this be why my Steam store is randomly changing languages? Also I can't even view the profiles of my friends right now.
  3. I got someone else's wishlist, can't visit the store, and I keep changing languages randomly.

    It's alright, not like I wanted to buy any games anyway. -_-
    Tigerstar likes this.
  4. That's exactly why.

    It seems some fairly unintelligent staff member at Valve messed with a cache setting so that it now serves the correct cache page for a particular user to the first one that 'asks' for it.

    So Bob, user #14, hits the store page and the information for the UK server is loaded by the cache, instead of the cache going to user #14, it'll go to user #1 (the next person in line for the page request).
  5. The Steam site seems inaccessible for me...
    Code:
    An error occurred while processing your request.
    Reference #******************************
  6. Guys I really wouldn't even try to get on Steam now. As my post above explains..

    Loading any Steam page now puts YOUR information into a cache and serves it to somebody else. Every time you try to load something, your personal information is given to somebody.
  7. I'm just glad I don't have any credit cards stored on Steam. I can't log out of Steam right now because I have a download that is almost finished and I want to get it done before I have to go to bed.
  8. Do not attempt to log out.

    It does not matter if you are logged in. It matters if you are logged in AND you try to load a page.

    Your information is safe if you aren't trying to access any Steam pages. But if you do, it's cached to somebody else and that's where you're in trouble.
  9. Is viewing your library safe? What about playing games online?
  10. Playing games can't be guaranteed but looks to be safe to do. In theory your library should be okay since it's not loaded as a web page, but I wouldn't try to unless you have to. Playing games is fine though.
  11. Just do nothing with Steam, to be on the safe side :)

    EDIT: Ninja'd
  12. wants me to make a new profile now...
  13. Don't even use it for anything at the moment.
  14. I closed down steam on my pc for now
    RIP people playing comp on cs go
  15. I have been staring at my library for the past hour and a half waiting for a game to finish downloading. I haven't visited the Steam store since about noon. Am I still safe?
  16. As long as you don't refresh
  17. How do you refresh your library?
  18. going to another page and coming back (or maybe clicking library again)
    Just stay on the library, don't do anything else. Better be safe than sorry
  19. Great, I just bought a $99.99 in-game currency package before seeing this :(

    *Hopefully I can dispute the charge and keep the items I bought. lol