Steam cache overload exploit reveals personal data, no CC or account info compromised

Okay, so I don't know what happened to Steam, but this is a major issue right now, potentially putting 125 million accounts at risk.

When you log in from the Steam client, you will find that the home page language may be changed, or your personalized wishlists or purchase lists are not being displayed. If you attempt to click on 'Account Information' in the client, you are taken to an account information page for some other account. You get shown sensitive information, such as their purchase history, payment method, Steam wallet balance (which you get access to), and more. Steam Guard accounts are not safe from this glitch.

Guys, this is not good.

WHAT DO YOU DO?

Log out of Steam on all devices, wait it out, and hope your account doesn't get exploited.

UPDATE

Valve has taken Steam offline for now. Let's hope the damage is contained.

UPDATE 2

You just search for Steam account page, and then click on Cached.

It's pretty serious now.

So... erm, damn it, I really hope no one has access to my account.

Update 3: Valve has issued a statement regarding today's issues.

"Steam is back up and running without any known issues," a Valve spokesperson told GameSpot. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour. This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."

http://www.gamespot.com/articles/steam-issue-allowing-access-to-other-users-account/1100-6433371/

this shit happens at least once a month.

Good thing I don't use Steam.

I think the safest precaution is not do anything when navigating the Steam Client, not even logging out. Just sort out your personal information outside Steam if you have credit cards or PayPal information.

Steam did really **** up.

Well there's no way around it, valve fucked up bad.

I actually can't access my Steam account at all right now- my credit card is on there, how do I get it removed from there?

Plus I'm worried someone will go through my history and remove games from my library...

I'm not touching it. I don't have any pay info stored thankfully. But email addresses, phone numbers and other personal info is out in the open.

PSN is also down.

Xbox Live is running like a champ though...........

Edit: PSN is back for me. WTF PC?????????

Steamstat guys recommend logging the **** out and not touching Steam until the problem is sorted.

Unfortunately, I don't have an answer to that.

I don't think you should worry too much about the games, the stuff on your inventory or gifts on the other hand...

Logging out from just the client, or the webstore and mobile app too?

This is even worse than the PSN breach. This is a nice Christmas gift for thieves. You just have to hope you don't have any money on your account or whoever gets in is a nice person.

And so it begins, I'm having no problems with steam currently?

Fortunately I don't store payment info online for any of these services (steam, PSN) but it's still worrisome for people to have access to my account info. Unfortunately I'm away from my desktop so the only options I have is mobile or via browser on my laptop but I'm not sure it would help anything. I have steam guard set for my email only

Everything.

https://twitter.com/SteamDB

****! What do I do?

Apparently even Steam Guard can't keep you safe.

@Slashkice: Yeah that's what everyone at Gaf is experiencing. I'm not even gonna turn my PC on or touch Steam. This is crazy!

Thank you, I've done that now.

Jesus, I really hope none of my shit gets exploited. What the ****, Valve.

Yeah, according to @R10nu, the best bet is to just log out from everything and wait this out, and hope your account doesn't get exploited :/

Anyone you know/trust you could tell to log out for you?

---

My question right now is: why is Steam still up? Why have they not taken it offline? This is as major an emergency as there can be for an online storefront.

Log the **** out. On every single device you own.

I don't understand what not logging in would help with. Seems like it's meant to protect others from you, not you from others.

Valve is a extremely incompetent company, ive been saying this for years

I havr payment info stored, cant access it!

This is type of stuff Sony gets railed for or console sin general, lets see the hermits step up here. :D

anyways PSN has a nice Flash sale going on if you want me to post list with links,

Same. And shit in my inventory too, I am pretty sure :/

I think the idea is if everyone logs out, or if most users log out, the potential number of exploits goes down. Or something.

lolno

I hope my credit card isn't on there. I don't know if I have a current card on their or not, I haven't bought anything since getting a new card so hopefully it didn't do one of those auto updates to my card info when I got issued a new one. Anyhow, I remember saying similar last time there was a major security concern, when things stabilize I'm gonna go make sure all that shit is wiped off my account.

According to Twitter, Steam is currently down.

@clyde46: ... so, we're screwed.

@Heil68: This is worse than anything PSN has encountered. We're at the mercy of others right now. They need to shut down the servers ASAP to prevent further damage.

Steam doesn't auto update. Personal experience.

It seems my games are still there being listed, cant navigate to my account info though. Guess I'll log out.

I don't think this is entirely the case though, for some unfathomable reason I was in someone's account who appeared not to be online. That's the weird part.

Tried reloading my profile page, got an error so maybe Steam has been taken offline.

Alright, Steam has been taken down apparently.

Oh gosh, I just launched Steam before I saw this... Better log off.

I got that info from steamstat, updated my previous post with a link to their twitter.

If you're not logged in, your account info is not cached, so other people shouldn't be able to stumble into it.

That's the theory so far at least, no one knows for sure yet.

@R10nu: Thank you! I have added your posts and links to the OP. You have been most helpful.

---

As of right now, Steam is offline.

Sony stored users info in plain text, this is a major account glitch. Either way though, its still bad, very bad.

@R10nu: Thats what we're assuming but I was looking at someone elses account that wasn't online and his last purchase was two days ago.

So go offline and log off is okay right?

They're both terrible and they are both incompetent.

I don't even know where to begin. Even PC betrays me? Looks like I"m Wii U only from here on out!

No.

It seems that this is coming from what Steam was knocked offline earlier in the day, when it came back it went all screwy. I'm guessing its an automated process.

Apparently.

We have no official word on this yet, so this is all conjecture, but... yeah.

So it begins,,lol

"The current status of the @steam_games office..."

link

This is pretty fucked up.

lol