Nearly a week later, Valve has finally released a statement, explaining exactly what happened.
Following a temporary shutdown of the Steam Store site, the company continues working with its Web caching partner to identify those whose information was accidentally served to others. While such attacks are a regular occurrence, this particular attack saw traffic increase by 2000% compared to the average traffic during the Christmas Steam sale, a time when gamers look for bargains. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users.
Over the holiday, Steam experienced a serious security breach when users found they could see others’ accounts with personal information like billing addresses and credit card numbers. After the issue was fixed, Valve informed GameSpot that the error was reported due to configuration change that happened earlier that day making the users to see cached pages. The explanatory news post is rounded off with an apology for the exposure of any personal information and the interruption of the Steam service during Christmas. Valve laid out what happened and how many individuals were affected by the incident.
Twitter and NeoGaf were flooded with concerns of Steam users who complained that they could see the payment information of other users, but their attempts to log in to secure their accounts failed.
Online gaming platform Steam had a big Christmas Day meltdown.
Valve also added that there have been no unauthorized actions executed except for the viewing of the information from the cached page. The concern here would be that addresses or other forms of personally identifiable information (PII) could be harvested from Steam and then matched against otherdatabases of stolen personal data.
Once it was discovered this was happening, the Steam store, as we already know, was taken offline for a period of time.
The device was expected to arrive before the end of 2015, but Valve made a decision to delay it because of a major tech-related breakthrough that's supposed to improve the user experience once the headset is commercially available. Once Valve realized the error, they shut down the store until they could get a new protocol set up and confirm the wayward web traffic was being routed properly. However, the details didn't give out complete account numbers, user passwords and data enough to log into otheraccounts, claims Valve. The configuration error was the main culprit, as it affected how Steam cached certain pages, which led to some users receiving cached pages for a different account.
Steam says that it was sharing sensitive data on about 34,000 of its users.
0 komentar:
Post a Comment