Steam dun fucked up

Skanda

Skanda

I'm Amod too!
6,662
4,506
https://www.reddit.com/r/Steam/comme...ndom_on_steam/

Public service warning.

Apparently people are being logged into random accounts, complete with access to personal info attached to that account.

Edit: Just tried to check my account details and it gave me the account details of some random guy with 30 bucks in his wallet. Bad shit is happening.
 
Chysamere

Chysamere

<WoW Guild Officer>
3,322
2,940
The official word is don't touch any steam URLS, don't try to login, and don't go to the store. This includes on the Steam program itself.
 
jooka

jooka

marco esquandolas
<Bronze Donator>
14,417
6,134
ya, glad I dont save any info there. this is hugely bad.
 
H

HUH_sl

shitlord
318
0
People are saying its just page caching gone crazy and to avoid everything related to Steam until they fix it.

But people are saying they can make edits to accounts, and the fact that it happened today of all days points to something a little more serious. The world is ending!
 
Skanda

Skanda

I'm Amod too!
6,662
4,506
I'm getting random accounts for every link I try. Doesn't look like I can see credit card info (Thank god (Though I'm not ballsy enough to try buying something right now)). But it's still pretty bad seeing the rest of it.
 
Xevy

Xevy

Log Wizard
8,610
3,817
Still takes the security code to use people's credit cards, but yeah, this is very bad.
 
zombiewizardhawk

zombiewizardhawk

Potato del Grande
9,332
11,911
So i've been logged into steam and playing dota 2 all day... hopefully that is enough to prevent anyone from getting in to my account (since it's already logged in?) even though I don't save any cc info or anything.
 
D

Dudebro_sl

shitlord
862
2
I've been logged in forever and still am but I haven't moved off the library page since last night. I don't see any steamguard emails or purchase emails yet.
 
Xalara

Xalara

Golden Squire
826
81
I don't even know how this should be possible. I doubt Valve did any major updates the past few weeks, and these types of systems don't just randomly go crazy like this. Considering the day and severity I'm going to put my money on this being malicious.
 
Sulrn

Sulrn

Deuces
2,159
360
Userid hasn't changed, but apparently I'm now a German based out of Marburg.

Quine, am I somewhere decent?
 
Dalien

Dalien

Registered Hodor
2,181
2,020
Supposedly back up and fixed now. Wasn't a hack, was some kind of screw up with their caching server as explained by someone smarter than me:

It's a problem with their caching-server (varnish), caching pages that should not be cached (such as Account-Details, Cart, etc.). It invalidates after some time and is re-cached when the next user visits the page with their profile. You are not actually logged in (as in, you take over the session of the user), you just see pages rendered for others than yourself. This is why different parts of steam appear as different users.

Which page you see is probably dependent on the edge node (first server you connect to) closest to you, hence why different users see different profiles.

My guess to how this could've happened is that an untested configuration got activated when steam went down earlier, e.g. due to an auto-conf service (puppet, chef) pulling an untested config or some of their live servers being replaced by staging / development servers. It's also possible that they were under heavy load and the engineer on duty reconfigured all their edge nodes to cache more aggressively.

Let's hope they fix this fast, because this is a major data leak. I can see private E-Mail and account names. Let's hope their cache server is not delivering internal pages.
Click to expand...
 
You must log in or register to reply here.