Jump to content

Steam blow up - no security breach, apparently

Down

By Down
in Gaming Talk

 Share

Recommended Posts

Down Fuwa Master

Down

Posted
Posted

Seems like lots of people (everyone?) are getting bugs on their Steam account, ie see some stranger's money page (basically you can see their steam wallet, buy history, email and shit, so all the most sensitive info). It's constantly changing.

Might be a good idea to check if yours is fine, possibly pull out sensitive info if you have access.  <- don't. Steam instructions are to NOT touch anything on your steam account, don't log off, don't go to any steam store page.

http://www.neogaf.com/forum/showthread.php?t=1162196

https://www.reddit.com/r/Steam/comments/3y7le9/im_logged_in_as_someone_random_on_steam/

Down Fuwa Master

Down

Posted
  • Author
Posted

Doesn't seem like a hack but it's definitely a security breach if you can see other people's mail and cie.

Seems like if you don't do anything you shouldn't get your page leaked to randoms.

Nosebleed Fuwa Cheater

Nosebleed

Posted
Posted

Good to know it's not a breach. Still, holy fucking shit how did they fuck up this badly.

I haven't visited Steam in a couple days and I'm not logged on Steam on my PC so I should be fine?

Funyarinpa Fuwa Master

Funyarinpa

Posted
Posted

I saw some news saying that it's even possible to use other people's money because of this º-º although it seems to be a false information.

Nah people have been reporting that their card's been charged on NeoGAF

Suzu Fanatic Fuwa Elite

Suzu Fanatic

Posted
Posted

Not sure about it not beign a hack - I was worried about it, so I looked into a exsisting shopping cart - and it held almsot 200 items sitting it. made the mistake of trying to remove them (at the time I was under the impression it was under my account, but technically it was under someone elses). Hope I didn't comprimise my lown account by fiddiling with anything... right now I have steam open, but I seem to be logged out of network...(can't post, cant look at account detaills, etc)

 

sigh, bad times

Down Fuwa Master

Down

Posted
  • Author
Posted

No, it's p much confirmed that it's a cache bleed and all the pages where you see another account than yours are read only. It's not 100% sure because Valve themselves didn't confirm but I wouldn't be surprised if random people were trolling about cards getting debited.

It's still a fuck up because well, you could phone some random dude and say hi or send him dick pics to his mail or shame him because he bought Sakura Santa, but it doesn't seem like credit card info are compromised. 

Seeing everyone flailing around screaming at valve and steam is p funny though.

Also clickbait (kotaku) news sites are already reporting stuff like security breaches without even having asked Valve what's going on. Sasuga.

Nebjula Fuwa Regular

Nebjula

Posted
Posted

The language bug is confusing as hell. I've had my default english steam changed to norweigan, russian, polish and french. Never tried anything like it.

God bless you, Valve.

Dergonu Fuwa Master

Dergonu

Posted
Posted

Haha I feel so silly xD

Went to my card history and saw three steam charges and went "DAMNIT MY CARD INFO IS COMPROMISED!"

Then I realized those three charges were from earlier this week, when I bought some games myself. :amane:

Seems like all we can do is wait it out and just not touch anything on the store page / account info page until its fixed

 

Hey if you need some norwegian translations Nebjula lemme know! :sachi:

Jun Inoue Fuwa Master

Jun Inoue

Posted
Posted

Might not be a breach, but having access to random accounts means people being able to check out your personal info on your Steam account.

Just hoping they solve it soon O:

Decay Fuwa Master

Decay

Posted
Posted

Thankfully I didn't have any cards saved on it. And I guess they can see my paypal account name? Can't do much with that other than send me money.

Send me money, please.

edit: Also I'm pretty sure they only ever display the last few digits of your CC number. So this fuckup looks way worse than it really was.

Jun Inoue Fuwa Master

Jun Inoue

Posted
Posted

Thankfully I didn't have any cards saved on it. And I guess they can see my paypal account name? Can't do much with that other than send me money.

Send me money, please.

edit: Also I'm pretty sure they only ever display the last few digits of your CC number. So this fuckup looks way worse than it really was.

Yeah, most stuff should be save. But the Paypal stuff can be problematic. For example, sometimes Steam doesn't even redirect you to Paypal, simply asks if you wanna pay with it, and directly asks for confirmation and nothing else. So... dunno =X

Store is dead now anyway, so everything should be as safe as it could get.

Decay Fuwa Master

Decay

Posted
Posted

As it was a caching issue, nobody should have been able to actually make purchases with other people's stored payment info and claims to the contrary on sites like neogaf appear to be little more than fear mongering.

Silvz Fuwa Master

Silvz

Posted
Posted

Just remembered that Brazil, thanks to its problems with banks, didn't have purchases done directly through Steam - we have to use a third party system to pay -, so my info are safe <3

Suzu Fanatic Fuwa Elite

Suzu Fanatic

Posted
Posted

My only real concern now, is that under payment details - you can view the full name and address attached to a credit card saved in the system.

 

I mean sure, the CC# is censored (except last 4 digits) - but name and address is on full display, pair that with email and = profit? Don't like my real details just hanging out there in the void. Hoping the servers were shut down before anyone saw it. Obviously just being paranoid - but we live in a age of identity theft, after all.

firecat Fuwa Veteran

firecat

Posted
Posted

My only real concern now, is that under payment details - you can view the full name and address attached to a credit card saved in the system.

 

I mean sure, the CC# is censored (except last 4 digits) - but name and address is on full display, pair that with email and = profit? Don't like my real details just hanging out there in the void. Hoping the servers were shut down before anyone saw it. Obviously just being paranoid - but we live in a age of identity theft, after all.

why yes this been covered many times other the years, your CC# are shown everywhere.

"Heck, most of the time they'll call you before you ever notice it happened. Credit card fraud is so pervasive, banks have started covering the cost just so people don't cancel their cards."

http://money.usnews.com/money/personal-finance/articles/2013/07/10/how-credit-card-companies-spot-fraud-before-you-do?page=2

"No one ever compares the signature on the slip to your real one. It's more security theater."

http://www.npr.org/templates/story/story.php?storyId=92278323

solidbatman Fuwa Master

solidbatman

Posted
Posted

And the PC Master Race crowd will keep sucking GabeN's dick and pretend it never happened. The fact Valve STILL has not released an official statement is appalling and disgusting. As the largest digital games platform, they need to get their shit in order. Hell, EA with Origin has better customer support than Valve does with Steam. 

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...