Leave a Comment
On December 25th, a configuration error resulted in some users seeing Steam Store pages generated for other users. Between 11:50 PST and 13:20 PST store page requests for about 34k users, which contained sensitive personal information, may have been returned and seen by other users.
On Christmas Day, many people were confused and not sure what was happening to Steam. Some speculated a bug and others thought it was an attack. One Twitter user had a pretty good idea of what was going on.
Steam servers are getting a cache issue as they tried to compensate for a DDOS attack. Avoid steam at all costs.— ProJared (@ProJared) December 25, 2015
Valve continued in the post,
Early Christmas morning (Pacific Standard Time), the Steam Store was the target of a DoS attack which prevented the serving of store pages to users. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
Valve went on to explain that they shut down the Steam store and deployed a new caching configuration. They apologized to everyone who was affected and made sure to note that they were still working hard on the situation to ensure something like this wouldn’t happen again.
The attackers pushed a 2000% increase in traffic to the store and Valve responded by deploying caching rules to minimize impact and reroute the legitimate traffic. Some of the internet responded in a humorous manner, exclaiming that those without Steam could sit idly by as Steam users lit up social media with anxiety.
When Steam is under attack but you don't have steam pic.twitter.com/ixYqhCNZBB— Amaze (@TheAmazemanRBLX) December 25, 2015
Even though the attack was pretty serious, you can bet it won’t be the last for Steam or any other online gaming community. You can read the full statement from Valve on their website.