Steam Hacked?

[PrincessFrosty]

In steam click your account name at the top right, see if the account name and recovery email and other personal settings are set to your own, for me they're not, and the transaction history seems to be screwed too.

*edit*

It looks like it was a caching issue with steams web servers and not hackers.

 

[nurturedhate]

I think there is something wrong with Steam overall, keep refreshing that link and you will get different user info.

 

[cronos]

Yeah I posted this on the Winter Sale thread. All kinds of craziness is happening. It looks like you are logged in as other people from random countries around the world. I got a Russian, Chinese, and some Cam Newton fan

 

[Dankk]

Yup, looks like the Steam store is under attack right now. Lots of people are logging into Steam and noticing different languages pop up on the store, and even worse, people are finding themselves with access to other people's account details and profiles.

https://www.reddit.com/r/Games/comments/3y7maa/something_is_really_wrong_with_steam_be_careful/

Might be best to sign out of Steam right now and wait until this all blows over and the extent of the damage has been uncovered. If you have payment information tied to Steam, then watch your bank account like a hawk. (You could also try to remove your payment info from your account, if you can manage to get the store to stop erroring out.)

 

[nurturedhate]

If you go to Steam in the top left and then settings it shows all of my correct info but under the top right corner it does indeed show differing info and trying to change anything runs into a general steam issue. I've seen 6 different emails under the top right so far over the last 5 minutes or so.

Seems more like a glitch in steam itself rather than them getting hacked.

 

[Artorias]

Wow this is fucked up, I can see last digits for credit card info and full address for people who have that saved, their email and last digits for cell phone as well.

Apparently there have been reports of fraudulent purchases, good god this is bad.

 

[PrincessFrosty]

Looks like there's a problem with the website as well, friends reported being logged into the site as other people, it's likely setting localization such as language settings depending on your account origin so that'll explain why people are getting different languages.

For me I'm getting different peoples accounts through steam, this is really bad because it shows their full email address, purchase history, steam wallet value etc. I really hope that steam funds and purchasing is being effected otherwise we might end up with fraudulent charges.

*edit*

Oh god you can see, and I suspect probably change (I've not tried) things like the recovery number, steam guard settings, things like manage family view and what PC's are enabled there, shared library settings, etc. Jesus...

 

[PrincessFrosty]

Wow this is fucked up, I can see last digits for credit card info and full address for people who have that saved, their email and last digits for cell phone as well.

Apparently there have been reports of fraudulent purchases, good god this is bad.

Yeah last digits are bad often times hackers can use this info to reset accounts that are billed on this card, as they'll ask for the last 4 digits as a security measure.

I've not checked my credit card account yet to see for fraudulent purchases, but I'd be careful with that since when you check your purchase history in steam it actually shows you a random persons, so try not to panic, confirm with your credit card first.

 

[Artorias]

Why they haven't pulled the kill switch yet is ridiculous, shut the whole thing down if you have to for a couple hours.

Good thing I didn't save CC info but now they at the very least someone knows you email which is bad.

 

[PrincessFrosty]

Why they haven't pulled the kill switch yet is ridiculous, shut the whole thing down if you have to for a couple hours.

That's what I'm thinking, there's places on the web where people are just posting private information of whoever they're logged in as.

Also it's strange that it seems to be random, and rotating, what could cause that? It seems to me that you'd need to have access to the steam servers and change the server code base, or at least access to the steam databases to mess with people's IDs, because all the auth protection is being completely bypassed, this isn't some hacking of steam guard it's actually at their end. That's worrying because if someone is on their servers they will have no doubt made off with the code base and database dumps before causing this kind of mess. I find it really hard to imagine this being a bug due to a genuine mistake.

I'd be willing to predict at this stage we can expect news of a steam leak in the near future.

 

[Artorias]

I just read that someone got a password change email. GG Valve.

 

[cronos]

Looks like they finally pulled the plug and shut down most everything.

 

[sandorski]

My info won't even load. There's probably a million people simultaneously trying to play their shiny new Steam games.

 

[PrincessFrosty]

The billing and account pages are down now, thank god. I've read in a few places that it could be a caching issue, no doubt they would have made caching changes to deal with the unusually high load at xmas time, although why they'd do it on things like billing pages which need a high level of security is unfathomable to me.

 

[Dankk]

I've read in a few places that it could be a caching issue

People are saying that it looks like a failing/misconfigured caching server. Which, on the bright side of things, means that people don't actually have access to your account for making purchases; they only are viewing cached versions of some of your account details. Still sucks though.

 

[Techhog]

12-year-olds seeking attention win again!

 

[balloonshark]

Did you get a Steam update a day or two ago that asked for your logon information? Steam has updated twice during this sale for me and the last time is asked for my username and password. Please tell me you all saw the same thing.

 

[Zodiark1593]

I apologize. It was when I bought my sister Goat Simulator that Steam decided to go and off itself. :'(

 

[AdamantC]

Did you get a Steam update a day or two ago that asked for your logon information? Steam has updated twice during this sale for me and the last time is asked for my username and password. Please tell me you all saw the same thing.

Yes, I did get a message a few days ago from Steam itself to verify my account

 

[SilentRunning]

Only recent email I have received was because I installed steam on a new device back on December 10th.

Just went to check out the sale and saw server was down so come here to see what was up.

 

[ronbo613]

I was just getting ready to buy a game with my credit card. Think I shall wait.


http://www.pcworld.com/article/3018...sues-with-account-security-at-the-moment.html

 

[Zodiark1593]

Aside from the Steam Store being down, seen nothing weird on my end. Logged in as myself and everything.

 

[Igo69]

Couldn't access the website at all about an hour ago now seems everything is back to normal.

 

[Aikouka]

Things seem okay now? When I go to Account Details, I just see my information, and the store/website appears to be up.

 

[BFG10K]

Wow this is fucked up, I can see last digits for credit card info and full address for people who have that saved, their email and last digits for cell phone as well.

Apparently there have been reports of fraudulent purchases, good god this is bad.

The next time somebody tells me what a great idea pushing everyone to the cloud is, I'm going to show them this post.

Now watch, I bet we'll get trading cards as an "apology" from Uncle Newell.

Those dumb fuckers shouldn't be storing any personal information as cloud companies have proven time and time again they're incompetent. Yet they're storing addresses and phone numbers which can't simply be "reset".

Merry Christmas, yo!